Updated on 2025-07-30 GMT+08:00

Collecting Kubernetes Audit Logs

You can view the logs of master nodes. On the Kubernetes Audit Logs tab, you can select the audit component whose logs are to be reported to LTS.

Constraints

  • Huawei Cloud clusters must be of v1.21.7-r0 or later, v1.23.5-r0 or later, or v1.25.
  • The required LTS resource quota must be available. For details about the default LTS quota, see Basic Resources.
  • Kubernetes audit logs of an attached cluster can only be collected when the master nodes are reachable. If the Cloud Native Log Collection add-on cannot be deployed on the master nodes, log collection policies will not be applied.

Kubernetes Audit Logs

Table 1 Kubernetes audit logs

| Log Type | Component | Log Stream | Description |
|---|---|---|---|
| Kubernetes audit logs | audit | audit-{{clusterID}} | An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security. |

Enabling Log Collection for an On-Premises Cluster or Attached Cluster

The Cloud Native Log Collection add-on is not installed in a cluster.

When installing the Cloud Native Log Collection add-on, you can select Kubernetes audit logs to create a default log collection policy, so that this add-on collects logs and reports them to LTS. For details about the add-on installation, see Log Collection.

The Cloud Native Log Collection add-on has been installed in a cluster.

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. In the upper right corner, click View Log Collection Policies. All log collection policies in the current cluster are displayed.
  3. Click Create Log Policy and configure parameters as required.

    Policy Template: If no collection policy is enabled for collecting Kubernetes audit logs during add-on installation or the log collection policy is deleted, you can use this option to create a default log collection policy.

  4. On the Logging page, click the Kubernetes Audit Logs tab. Select the log stream configured in the log policy to view the logs reported to LTS.

Enabling Log Collection for a Huawei Cloud Cluster

Enabling log collection during cluster creation

  1. Log in to the CCE console.
  2. Click Buy Cluster. Then, configure the parameters and click Next: Select Add-on.
  3. On the displayed page, select Cloud Native Log Collection and click Next: Configure Add-on.
  4. On the displayed page, select Kubernetes Audit Logs for Cloud Native Log Collection.

    Figure 1 Enabling audit logging during cluster creation

  5. Click Next: Confirm Settings.

Enabling log collection for an existing cluster

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Kubernetes Audit Logs tab, select the audit component, and click Enable.

Viewing Kubernetes Audit Logs

Viewing Kubernetes audit logs on the UCS console

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Kubernetes Audit Logs tab and select a component for which you want to enable audit logs. For details about operations on LTS, see LTS User Guide.

Viewing Kubernetes audit logs on the LTS console

  1. Log in to the LTS console and choose Log Management.
  2. Query the log group by cluster ID and click the log group name to view the log stream. For details, see LTS User Guide.
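
Once the audit stream can be viewed, its events can be triaged offline for security-relevant activity. The following is an added example, not part of this guide or of any Huawei Cloud tooling; it assumes the stream has been exported as one JSON object per line in the upstream Kubernetes audit.k8s.io/v1 Event format, and the rule names, threshold, and sample lines are constructed for illustration.

```python
import json
from collections import Counter

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
RBAC = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}

# Constructed sample export, one event per line (not real cluster data).
SAMPLE = "\n".join([
    '{"stage":"RequestReceived","verb":"get","user":{"username":"dev-alice"},"objectRef":{"resource":"secrets","namespace":"prod"}}',
    '{"stage":"ResponseComplete","verb":"get","requestReceivedTimestamp":"2025-07-30T02:00:01Z","user":{"username":"dev-alice"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"get","requestReceivedTimestamp":"2025-07-30T02:00:02Z","user":{"username":"system:node:node-1"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"create","requestReceivedTimestamp":"2025-07-30T02:01:00Z","user":{"username":"dev-bob"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod"},"responseStatus":{"code":101}}',
    '{"stage":"ResponseComplete","verb":"create","requestReceivedTimestamp":"2025-07-30T02:02:00Z","user":{"username":"dev-bob"},"objectRef":{"resource":"clusterrolebindings"},"responseStatus":{"code":201}}',
    'truncated {"stage":',
] + ['{"stage":"ResponseComplete","verb":"list","user":{"username":"ci-bot"},"objectRef":{"resource":"pods"},"responseStatus":{"code":403}}'] * 3)

def classify(ev):
    """Return the names of the (hypothetical) rules an event matches."""
    ref, user = ev.get("objectRef") or {}, (ev.get("user") or {}).get("username", "")
    code = (ev.get("responseStatus") or {}).get("code") or 0
    verb, res = ev.get("verb", ""), ref.get("resource", "")
    control_plane = user.startswith("system:") and not user.startswith("system:serviceaccount:")
    hits = []
    if res == "secrets" and verb in {"get", "list", "watch"} and not control_plane:
        hits.append("secret-read")
    if res == "pods" and ref.get("subresource") in {"exec", "attach"}:
        hits.append("pod-exec")
    if res in RBAC and verb in WRITE_VERBS and 200 <= code < 300:
        hits.append("rbac-change")
    if user == "system:anonymous" and 200 <= code < 400:
        hits.append("anonymous-allowed")
    return hits

def triage(text, deny_threshold=3):
    """Return (findings, skipped): findings are (timestamp, rule, user) tuples."""
    findings, denied, skipped = [], Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep the count: gaps in an audit trail matter
            continue
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete":
            continue  # a request is logged once per stage; score it once
        user = (ev.get("user") or {}).get("username", "")
        if (ev.get("responseStatus") or {}).get("code") == 403:
            denied[user] += 1
        findings += [(ev.get("requestReceivedTimestamp"), r, user) for r in classify(ev)]
    findings += [(None, "forbidden-burst", u) for u, n in denied.items() if n >= deny_threshold]
    return findings, skipped
```

Calling `triage(SAMPLE)` returns the matched events plus the number of unparseable lines, which is worth tracking separately because a truncated export hides activity.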

Disabling Log Collection of a Huawei Cloud Cluster

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Kubernetes Audit Logs tab and click Configure Kubernetes Audit Logs to modify the log settings.

  3. Deselect audit and click OK.

    After you disable Kubernetes audit logging, logs are no longer written to the original log stream. The existing logs are not deleted, and expenditures may be incurred for them.