System artifacts exist in the Artifact Registry of the admin cluster. All changes and operations performed on the system artifacts are audited. As an Infrastructure Operator (IO), view the audit logs through the monitoring instance.
Before you begin
To get the permissions that you need to view audit logs, ask your Security Admin to grant you the Grafana Viewer (grafana-viewer
) role.
Retrieve audit logs for system artifacts in the admin cluster
To retrieve audit logs for system artifacts in the admin cluster, complete the following steps:
Go to the monitoring instance UI for the admin cluster.
Click Explore > audit-logs-loki and build the query to get audit logs.
Find artifacts with Loki queries
You can build Loki queries to find artifacts.
The following sections contain examples for querying audit logs.
Query audit logs for all system artifacts
Run the following query to return audit logs for all system artifacts:
{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"}
Replace ADMIN_CLUSTER with the target cluster name, such as
root-admin
.
For example:
{cluster="root-admin", service_name="artifactmanagement"}`
Query audit logs for one specific Artifact Registry
Run the following query to return audit logs for one specific Artifact Registry:
{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"} | json resource="resource" | resource=~"^REGISTRY_PREFIX.*"
Replace the following:
- ADMIN_CLUSTER: the admin cluster name, such as
root-admin
. - REGISTRY_PREFIX: the target Artifact Registry name prefix.
For example:
{cluster="root-admin",service_name="artifactmanagement"} | json resource="resource" | resource=~"^gpc-system-services.*"
The query to return audit logs from the gpc-system-services
Artifact Registry of the
root-admin
cluster displays the resulting audit logs as a list on the same page.
Query audit logs for multiple Artifact Registry registries
Run the following query to return audit logs for multiple Artifact Registry registries:
{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"} | json resource="resource" | resource=~"^REGISTRY1_PREFIX.*" or resource=~"^REGISTRY2_PREFIX.*"
Replace the following:
- ADMIN_CLUSTER: the target cluster name, such as
root-admin
. - REGISTRY1_PREFIX: the first target Artifact Registry name prefix.
- REGISTRY2_PREFIX: the second target Artifact Registry name prefix.
For example:
{cluster="root-admin",service_name="artifactmanagement"} | json resource="resource" | resource=~"^gpc-system.*" or resource=~"^library/.*"