Dynamic Host Configuration Protocol (DHCP)

Lokasi workload

Workload hanya root
Sumber log audit Log audit Kubernetes
Operasi yang diaudit Operasi CRUD ke konfigurasi DHCP

Operasi CRUD ke konfigurasi DHCP

Operasi CRUD mencakup perubahan data pada konfigurasi DHCP yang dicatat di server log audit.

Kolom dalam entri log yang berisi informasi audit
Metadata audit Nama kolom audit Nilai
Identitas pengguna atau layanan userAgent, user_name

Misalnya,

"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"user": {
  "username": "kubernetes-admin"
}

Target

(Kolom dan nilai yang memanggil API)

 requestURI

Misalnya,

"requestURI": "/api/v1/namespaces/gpc-system/configmaps/gpc-dhcp-conf?fieldManager=kubectl-edit"

Tindakan

(Kolom yang berisi operasi yang dilakukan)

 verb

Misalnya,

"verb": "patch"

Stempel waktu peristiwa requestReceivedTimestamp

Misalnya,

"requestReceivedTimestamp": "2022-12-13T06:59:55.681994Z"

Sumber tindakan _gdch_service_name

Misalnya,

 "_gdch_service_name": "apiserver"

Hasil code

Misalnya,

"responseStatus": {
    "code": 200,
  }

Contoh log

{
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-2z87b",
  "_gdch_service_name": "apiserver",
  "annotations": {
    "authorization_k8s_io_decision": "allow",
    "authorization_k8s_io_reason": ""
  },
  "apiGroup": "UNKNOWN",
  "apiVersion": "audit.k8s.io/v1",
  "auditID": "8841cec6-1557-4278-8ba2-1f89b7953a81",
  "cluster": "root-admin",
  "auditID": "069120c2-c182-4e8f-b863-9c640885bf2b",
  "fluentbit_pod": "anthos-audit-logs-forwarder-2z87b",
  "kind": "Event",
  "level": "Metadata",
  "objectRef": {
    "apiGroup": "UNKNOWN",
    "apiVersion": "v1",
    "name": "gpc-dhcp-conf",
    "namespace": "gpc-system",
    "resource": "configmaps"
  },
  "requestReceivedTimestamp": "2022-12-13T06:59:55.681994Z",
  "requestURI": "/api/v1/namespaces/gpc-system/configmaps/gpc-dhcp-conf?fieldManager=kubectl-edit",
  "responseStatus": {
    "code": 200
  },
  "service_name": "apiserver",
  "stage": "ResponseComplete",
  "stageTimestamp": "2022-12-13T06:59:55.699551Z",
  "userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
  "user": {
    "username": "kubernetes-admin"
  },
  "verb": "patch",
  "Detected": "fields",
  "Time": "1670915285440",
  "tsNs": "1670915285440328017"
}