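Physical servers (SERV)

Workload location

Organization workloads only

Audit log source

  • Physical servers
  • Server custom resources

Audited operations

Machine events

Fields in the log entry that contain audit information
Audit metadata | Audit field name
User or service identity | gdch_service_name

For example: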

"_gdch_service_name": "bm_nodes"
  

Target

(Fields and values that call the API)

description

"description": "The overall security state of the system is at \"Risk\"."

Action

(Fields containing the performed operation)

description

"description": "The overall security state of the system is at \"Risk\"."

Event timestamp | time

For example:

"time": "2022-12-02T16:06:29Z"

Source of action | resource

For example:

"resource": "zb-ab-bm07"

Result | Not applicable | Not applicable
Other fields | Not applicable | Not applicable

Example log


{
  "description": "The overall security state of the system is at \"Risk\".",
  "_gdch_service_name": "bm_nodes",
  "resource": "zb-ab-bm07",
  "auditID": "IEL#32321",
  "user": {},
  "time": "2022-12-02T16:06:29Z",
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-5k8l2"
}

Data changes (CRUD operations)

Fields in the log entry that contain audit information
Audit metadata | Audit field name
User or service identity | username

For example:

"user":{
  "username":"system:serviceaccount:gpc-system:root-admin-controller-sa"
}

Target

(Fields and values that call the API)

requestURI

"requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/servers/zb-aa-bm07/status"

Action

(Fields containing the performed operation)

verb

"verb":"patch"

Event timestamp | requestReceivedTimestamp

For example:

"requestReceivedTimestamp":"2022-12-02T23:52:22.509246Z"

Source of action | sourceIPs

For example:

"sourceIPs":["10.251.127.4"]

Result | responseStatus

For example:

"responseStatus":{"metadata":{},"code":200}

Other fields
  • annotations
  • objectRef

For example:

"objectRef":{
  "resource":"servers",
  "apiGroup":"system.private.gdc.goog",
  "name":"zb-aa-bm07",
  "apiVersion":"v1alpha1",
  "namespace":"gpc-system",
  "subresource":"status"
}

Example log

{
  "user":{
    "groups":["system:serviceaccounts","system:serviceaccounts:gpc-system","system:authenticated"],
    "extra":{
      "authentication.kubernetes.io/pod-uid":["8a33590d-bbf2-4a23-b5de-851a451fac32"],
      "authentication.kubernetes.io/pod-name":["root-admin-controller-5c5d44f45-2r5d4"]
    },
    "username":"system:serviceaccount:gpc-system:root-admin-controller-sa",
    "uid":"ecaee5a1-f7e0-47e7-ae46-1cbd42fb2e99"
  },
  "requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/servers/zb-aa-bm07/status",
  "sourceIPs":["10.251.127.4"],
  "verb":"patch",
  "userAgent":"root-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "requestReceivedTimestamp":"2022-12-02T23:52:22.509246Z",
  "stageTimestamp":"2022-12-02T23:52:22.527613Z",
  "_gdch_cluster":"root-admin",
  "responseStatus":{"metadata":{},"code":200},
  "annotations":{
    "authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"root-admin-rootadmin-controllers-rolebinding\" of ClusterRole \"root-admin-rootadmin-controllers-role\" to ServiceAccount \"root-admin-controller-sa/gpc-system\"",
    "authorization.k8s.io/decision":"allow"
  },
  "objectRef":{
    "resource":"servers",
    "apiGroup":"system.private.gdc.goog",
    "name":"zb-aa-bm07",
    "apiVersion":"v1alpha1",
    "namespace":"gpc-system",
    "subresource":"status"
  },
  "gdch_fluentbit_pod":"anthos-audit-logs-forwarder-kp68x",
  "kind":"Event",
  "apiVersion":"audit.k8s.io/v1",
  "stage":"ResponseComplete",
  "level":"Metadata",
  "auditID":"2b2b0ec8-627b-4f69-aa19-b6ba2c3e20cb",
  "_gdch_service_name":"apiserver"
}
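
The two record shapes above put the same audit metadata in different fields, so a collector has to map them before the events can be correlated. The following is an added example, not code from this page or from the product: it applies the field mapping from the two tables to one record of each kind and orders the results on a single UTC timeline. The output key names (`type`, `identity`, `target`, `action`, `time`, `source`, `result`) and the function names are assumptions, and the input lines are constructed by trimming the example logs.

```python
import json
from datetime import datetime

# Constructed input: two records trimmed from this page's example logs.
SAMPLE_LINES = [
    json.dumps({"description": 'The overall security state of the system is at "Risk".',
                "_gdch_service_name": "bm_nodes", "resource": "zb-ab-bm07",
                "user": {}, "time": "2022-12-02T16:06:29Z"}),
    json.dumps({"user": {"username": "system:serviceaccount:gpc-system:root-admin-controller-sa"},
                "requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/servers/zb-aa-bm07/status",
                "sourceIPs": ["10.251.127.4"], "verb": "patch",
                "requestReceivedTimestamp": "2022-12-02T23:52:22.509246Z",
                "responseStatus": {"metadata": {}, "code": 200}}),
]

def parse_utc(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def normalize(line):
    """Map one SERV audit record to common keys (the key names are assumptions)."""
    rec = json.loads(line)
    if "verb" in rec and "requestURI" in rec:  # data change (CRUD operation)
        return {
            "type": "data_change",
            "identity": rec.get("user", {}).get("username"),
            "target": rec["requestURI"],
            "action": rec["verb"],
            "time": parse_utc(rec["requestReceivedTimestamp"]),
            "source": rec.get("sourceIPs", []),
            "result": rec.get("responseStatus", {}).get("code"),
        }
    if "description" in rec and "_gdch_service_name" in rec:  # machine event
        return {
            "type": "machine_event",
            "identity": rec["_gdch_service_name"],
            "target": rec["description"],
            "action": rec["description"],
            "time": parse_utc(rec["time"]),
            "source": [rec["resource"]] if "resource" in rec else [],
            "result": None,  # the tables list no result field for machine events
        }
    raise ValueError("not a SERV machine event or data-change record")

def timeline(lines):
    """Normalize every line and order the events on one UTC timeline."""
    return sorted((normalize(line) for line in lines), key=lambda e: e["time"])

if __name__ == "__main__":
    print(*timeline(SAMPLE_LINES), sep="\n")
```

Records that match neither shape raise `ValueError` rather than being dropped silently, so a collector can count and inspect what it could not map.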