| 工作负载位置 |
根工作负载和组织工作负载 |
| 审核日志源 | |
| 接受审核的操作 |
更新区域
| 包含审核信息的日志条目中的字段 | ||
|---|---|---|
| 审核元数据 | 审核字段名称 | 值 |
| 用户或服务身份 | user.username |
例如, "user":{ "username": "fop-dns@example.com" } |
|
目标 (调用 API 的字段和值) |
requestURI |
|
|
操作 (包含所执行操作的字段) |
verb |
|
| 活动时间戳 |
ts
|
例如,
|
| 操作来源 | sourceIPs |
例如,
|
| 结果 | responseStatus.code |
例如, "responseStatus":{ "code":200 } |
| 其他字段 |
|
例如, "annotations":{ "authorization.k8s.io/decision":"allow" }, "objectRef":{ "resourceVersion":"697063", "uid":"aed2e6f7-ca03-4bcd-9c07-167ccd4da88e", "apiVersion":"v1", "resource":"configmaps", "apiGroup":"UNKNOWN", "namespace":"dns-system", "name":"gpc-coredns-external-zonefile" } |
日志示例
{
"_gdch_cluster":"root-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-7s769",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"dns-core-controllers-rolebinding\" of ClusterRole \"dns-core-controllers-role\" to ServiceAccount \"dns-core-controller-sa/dns-system\"",
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resourceVersion":"697063",
"uid":"aed2e6f7-ca03-4bcd-9c07-167ccd4da88e",
"apiVersion":"v1",
"resource":"configmaps",
"apiGroup":"UNKNOWN",
"namespace":"dns-system",
"name":"gpc-coredns-external-zonefile"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-zonefile",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"ts":2022-11-11T22:02:02.074Z,
"tsNs":1668204122074601081,
"user":{
"uid":"08f727c9-5e3d-403f-bf35-06ef53f9709c",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:dns-system",
"system:authenticated"
],
"username": "system:serviceaccount:dns-system:dns-core-controller-sa",
"extra": {
"authentication.kubernetes.io/pod-name":["dns-core-controller-58c4646858-z8kmr"],
"authentication.kubernetes.io/pod-uid":["17d9392a-bc27-4d6c-bab7-ff076a5457eb"]
}
},
"userAgent":"controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format",
"verb":"update"
}
创建或删除 DNSSEC 密钥
| 包含审核信息的日志条目中的字段 | ||
|---|---|---|
| 审核元数据 | 审核字段名称 | 值 |
| 用户或服务身份 | user.username |
例如, "user":{ "username": "fop-dns@example.com" } |
|
目标 (调用 API 的字段和值) |
requestURI |
|
|
操作 (包含所执行操作的字段) |
verb |
|
| 活动时间戳 |
ts
|
例如,
|
| 操作来源 | sourceIPs |
例如,
|
| 结果 | responseStatus.code |
例如, "responseStatus":{ "code":200 } |
| 其他字段 |
|
例如, "annotations":{ "authorization.k8s.io/decision":"allow" }, "objectRef":{ "resource": "secrets", "namespace":"dns-system", "uid":"9a9c16ca-3601-4bc9-8683-629a61ea5634", "apiVersion":"v1", "resourceVersion":"825911", "apiGroup":"UNKNOWN", "name":"gpc-coredns-external-ksks" } |
日志示例
{
"_gdch_cluster":"root-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-t15kb",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'fop-dns@example.com-dns-key-manager/dns-system' of Role 'dns-key-manager' to User 'fop-dns@example.com'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"87d3d836-b5a2-487a-8480-bc8078c5b248",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource": "secrets",
"namespace":"dns-system",
"uid":"9a9c16ca-3601-4bc9-8683-629a61ea5634",
"apiVersion":"v1",
"resourceVersion":"825911",
"apiGroup":"UNKNOWN",
"name":"gpc-coredns-external-ksks"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/api/v1/namespaces/dns-system/secrets/gpc-coredns-external-ksks",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"ts":2022-11-11T22:02:02.074Z,
"tsNs":1668204122074601081,
"user":{
"groups":[
"system: authenticated"
],
"username": "fop-dns@example.com"
},
"userAgent":"gdcloud/v0.0.0 (linux/amd64) kubernetes/$Format",
"verb":"update"
}
更改 DNSSEC 密钥
| 包含审核信息的日志条目中的字段 | ||
|---|---|---|
| 审核元数据 | 审核字段名称 | 值 |
| 用户或服务身份 | user.username |
例如, "user":{ "username": "fop-dns@example.com" } |
|
目标 (调用 API 的字段和值) |
requestURI |
|
|
操作 (包含所执行操作的字段) |
verb |
|
| 活动时间戳 |
ts
|
例如,
|
| 操作来源 | sourceIPs |
例如,
|
| 结果 | responseStatus.code |
例如, "responseStatus":{ "code":200 } |
| 其他字段 |
|
例如, "annotations":{ "authorization.k8s.io/decision":"allow" }, "objectRef":{ "resourceVersion":"758987", "resource":"configmaps", "apiGroup":"UNKNOWN", "name":"gpc-coredns-external-corefile", "apiVersion":"v1", "namespace":"dns-system", "uid":"d831c851-4fa3-4£30-92f6-c68cb36b0c62" } |
日志示例
{
"_gdch_cluster":"root-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'fop-dns@example.com-dns-key-manager/dns-system' of Role 'dns-key-manager' to User 'fop-dns@example.com'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resourceVersion":"758987",
"resource":"configmaps",
"apiGroup":"UNKNOWN",
"name":"gpc-coredns-external- corefile",
"apiVersion":"v1",
"namespace":"dns-system",
"uid":"d831c851-4fa3-4£30-92f6-c68cb36b0c62"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-corefile",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"ts":2022-11-11T22:02:02.074Z,
"tsNs":1668204122074601081,
"user":{
"groups":[
"system: authenticated"
],
"username": "fop-dns@example.com"
},
"userAgent":"gdcloud/v0.0.0 (linux/amd64) kubernetes/$Format",
"verb":"update"
}