# Node and operating system (OS)
| Workload location | Audit log source |
| --- | --- |
| Hardware | Node OS |

## Audited operations
## Sign-in events

All access attempts and actions performed through OS SSH connections.

The example message, `pam_tty_audit(sshd:session): restored status to 0`, is not an authentication verdict: the `pam_tty_audit` PAM module logs it at debug level (consistent with `pri` 87, which is `authpriv.debug`) when an SSH session closes and the per-terminal audit state is restored. sshd's own accept and failure messages arrive under the same `ident` and are told apart by `message`, so filter on `message`, not only on `ident`, when looking for failed logins.

**Fields in the log entry containing audit information**

| Audit metadata | Audit field name | Value |
| --- | --- | --- |
| User or service identity | `ident` | `"ident": "sshd"` |
| Target (field and value of the called API) | `message` | For example, `"message": "pam_tty_audit(sshd:session): restored status to 0"` |
| Action (field containing the operation performed) | `message` | For example, `"message": "pam_tty_audit(sshd:session): restored status to 0"` |
| Activity timestamp | `time` | For example, `"time": "2022-11-30T22:53:39.442037+00:00"` |
| Origin of the action | `host` | For example, `"host": "zb-aa-bm01"` |
| Result | `message` | For example, `"message": "pam_tty_audit(sshd:session): restored status to 0"` |
| Other fields | N/A | N/A |

**Example log**

```json
{
  "pri": "87",
  "time": "2022-11-30T22:53:39.442037+00:00",
  "host": "zb-aa-bm01",
  "ident": "sshd",
  "pid": "757322",
  "msgid": "-",
  "extradata": "-",
  "message": "pam_tty_audit(sshd:session): restored status to 0",
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-dn5jn",
  "_gdch_service_name": "inventory-machine-bm-e2c2a7e1"
}
```
## OS TTY events

All commands entered on the console. TTY auditing is switched on for the session by `pam_tty_audit` and reported by the kernel through auditd, whose event dispatcher (`audispd`) is the `ident`. It records the keystrokes typed on the terminal, not the command's output: `data` holds the hex-encoded input bytes, so `data=71` is the single character `q` typed into the process named in `comm` (`pager`). `auid` is the login UID of the session owner, `ses` the audit session ID, `uid` the effective UID at the time of the keystroke, and `major`/`minor` the terminal's character device. `msg=audit(1671531815.870:94280)` carries the kernel timestamp and event serial number; it differs from the forwarder's `time` by a few milliseconds, which is the delivery delay.

**Fields in the log entry containing audit information**

| Audit metadata | Audit field name | Value |
| --- | --- | --- |
| User or service identity | `ident` | `"ident": "audispd"` |
| Target (field and value of the called API) | `message` | For example, `"message": "node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 comm=\"pager\" data=71"` |
| Action (field containing the operation performed) | `message` | For example, `"message": "node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 comm=\"pager\" data=71"` |
| Activity timestamp | `time` | For example, `"time": "2022-12-20T10:23:35.878924+00:00"` |
| Origin of the action | `host` | For example, `"host": "zk-aa-bm08"` |
| Result | `message` | For example, `"message": "node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 comm=\"pager\" data=71"` |
| Other fields | N/A | N/A |

**Example log**

```json
{
  "pri": "14",
  "time": "2022-12-20T10:23:35.878924+00:00",
  "host": "zk-aa-bm08",
  "ident": "audispd",
  "pid": "-",
  "msgid": "-",
  "extradata": "-",
  "message": "node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 comm=\"pager\" data=71",
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-w6fl4",
  "_gdch_service_name": "inventory-machine-bm-7cc496d5"
}
```
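The following Python is an added example, not code from this page or from the product, that decodes the TTY record above into typed fields, recovers the keystrokes from the hex `data`, names the terminal from `major`/`minor` (assuming the Unix98 pty slave majors 136 to 143), and cross-checks the kernel timestamp in `msg=audit(...)` against the forwarder's `time`. The sample record is constructed from the page's example.

```python
"""Decode a node-OS TTY audit record (added example, not the page's code).

The envelope fields and the auditd ``type=TTY`` message layout are the ones
shown above. Assumptions made here: ``data`` is hex-encoded keystroke bytes
and character majors 136..143 are Unix98 pty slaves (/dev/pts/N).
"""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, copied from the page's TTY example above.
SAMPLE_RECORD = json.dumps({
    "pri": "14",
    "time": "2022-12-20T10:23:35.878924+00:00",
    "host": "zk-aa-bm08",
    "ident": "audispd",
    "pid": "-",
    "msgid": "-",
    "extradata": "-",
    "message": "node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty "
               "pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 "
               'comm="pager" data=71',
    "_gdch_cluster": "root-admin",
    "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-w6fl4",
    "_gdch_service_name": "inventory-machine-bm-7cc496d5",
})

# auditd messages are space-separated key=value tokens; values are bare
# words or double-quoted strings (comm="pager").
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# The msg field carries the kernel timestamp and the event serial number.
_AUDIT_RE = re.compile(r"audit\((\d+)\.(\d+):(\d+)\)")
_INT_FIELDS = ("pid", "uid", "auid", "ses", "major", "minor")


def render_keystrokes(data: bytes) -> str:
    """Show keystrokes with control bytes escaped so a record stays one line."""
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in data)


def tty_name(major: int, minor: int) -> str:
    """Map device numbers to a path; 136..143 are the Unix98 pty slaves."""
    if 136 <= major <= 143:
        return f"/dev/pts/{(major - 136) * 256 + minor}"
    return f"char {major}:{minor}"


def parse_tty_message(message: str) -> dict:
    """Split an auditd TTY message into typed fields and decoded keystrokes."""
    fields = {}
    for key, raw in _KV_RE.findall(message):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    if fields.get("type") != "TTY":
        raise ValueError(f"not a TTY record: {fields.get('type')!r}")
    secs, millis, serial = _AUDIT_RE.search(fields["msg"]).groups()
    fields["event_time"] = (datetime.fromtimestamp(int(secs), tz=timezone.utc)
                            + timedelta(milliseconds=int(millis)))
    fields["serial"] = int(serial)
    for key in _INT_FIELDS:
        fields[key] = int(fields[key])
    fields["keystrokes"] = bytes.fromhex(fields["data"])
    fields["tty"] = tty_name(fields["major"], fields["minor"])
    return fields


def parse_tty_record(line: str) -> dict:
    """Parse one forwarded JSON record and cross-check the two timestamps."""
    envelope = json.loads(line)
    if envelope["ident"] != "audispd":
        raise ValueError(f"unexpected ident {envelope['ident']!r}")
    rec = parse_tty_message(envelope["message"])
    rec["host"] = envelope["host"]
    # Forwarder time minus kernel time: a large gap means buffered or
    # replayed records, which matters when reconstructing a session.
    received = datetime.fromisoformat(envelope["time"])
    rec["forward_delay_s"] = (received - rec["event_time"]).total_seconds()
    return rec


def summarize(rec: dict) -> str:
    """One line per keystroke record, convenient for grepping a session."""
    return (f"{rec['event_time'].isoformat(timespec='milliseconds')} "
            f"{rec['host']} ses={rec['ses']} auid={rec['auid']} uid={rec['uid']} "
            f"{rec['tty']} {rec['comm']}: {render_keystrokes(rec['keystrokes'])!r}")


if __name__ == "__main__":
    print(summarize(parse_tty_record(SAMPLE_RECORD)))
```

Grouping records by `ses` and sorting by `serial` reconstructs what an operator typed in one login; `auid` stays the login UID even after `sudo`, which is why it, not `uid`, is the field to attribute a session to a person.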
## ClamAV events

All ClamAV scanning events. `ident` is `clamonacc` for ClamAV's on-access scanner and `clamav` otherwise. `No virus found` is the result of a clean scan, so any other `message` from these identities deserves review.

**Fields in the log entry containing audit information**

| Audit metadata | Audit field name | Value |
| --- | --- | --- |
| User or service identity | `ident` | Possible values: `"ident": "clamav"` or `"ident": "clamonacc"` |
| Target (field and value of the called API) | `message` | For example, `"message": "No virus found"` |
| Action (field containing the operation performed) | `message` | For example, `"message": "No virus found"` |
| Activity timestamp | `time` | For example, `"time": "2022-12-20T04:01:47.219862+00:00"` |
| Origin of the action | `host` | For example, `"host": "zk-aa-bm09"` |
| Result | `message` | For example, `"message": "No virus found"` |
| Other fields | N/A | N/A |

**Example log**

```json
{
  "pri": "86",
  "time": "2022-12-20T04:01:47.219862+00:00",
  "host": "zk-aa-bm09",
  "ident": "clamav",
  "pid": "-",
  "msgid": "-",
  "extradata": "-",
  "message": "No virus found",
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-lcxgq",
  "_gdch_service_name": "inventory-machine-bm-b11f4752"
}
```
## AIDE events

All AIDE (Advanced Intrusion Detection Environment) file-integrity check events. `AIDE check passed.` is the expected result of a check against the baseline database; a `message` reporting differences means files tracked by the database changed since the baseline and should be investigated, or the baseline re-initialized after an approved change.

**Fields in the log entry containing audit information**

| Audit metadata | Audit field name | Value |
| --- | --- | --- |
| User or service identity | `ident` | `"ident": "aide"` |
| Target (field and value of the called API) | `message` | For example, `"message": "AIDE check passed."` |
| Action (field containing the operation performed) | `message` | For example, `"message": "AIDE check passed."` |
| Activity timestamp | `time` | For example, `"time": "2022-12-20T10:20:09.428106+00:00"` |
| Origin of the action | `host` | For example, `"host": "zk-aa-bm08"` |
| Result | `message` | For example, `"message": "AIDE check passed."` |
| Other fields | N/A | N/A |

**Example log**

```json
{
  "pri": "86",
  "time": "2022-12-20T10:20:09.428106+00:00",
  "host": "zk-aa-bm08",
  "ident": "aide",
  "pid": "-",
  "msgid": "-",
  "extradata": "-",
  "message": "AIDE check passed.",
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-lcxgq",
  "_gdch_service_name": "inventory-machine-bm-7cc496d5"
}
```
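The following Python is an added example, not code from this page or from the product, serving the sign-in, ClamAV and AIDE sections together: it routes forwarded records by `ident`, decodes the syslog `pri` into facility and severity (RFC 5424: `pri = facility * 8 + severity`), and raises an alert for anything that is not the benign steady-state message the page documents. The envelope shape, the four `ident` values and the two benign messages come from this page; the PAM `module(service:type): text` prefix, the sshd `Failed password` / `Invalid user` / `Accepted ...` prefixes, a ClamAV detection line ending in ` FOUND` and an AIDE differences message are assumptions made for the example, and the record stream is constructed.

```python
"""Route and triage node-OS audit records by source (added example, not the
page's or the product's own code). Assumed, not from the page: the PAM
"module(service:type): text" prefix, the sshd auth message prefixes, the
ClamAV " FOUND" suffix and the AIDE differences message. Stream is constructed.
"""
import json
import re

# RFC 5424: PRI = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp", **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Assumed PAM prefix, e.g. "pam_tty_audit(sshd:session): restored status to 0".
_PAM_RE = re.compile(r"^(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<type>\w+)\): (?P<text>.*)$")
# Assumed sshd authentication message prefixes.
_SSH_FAIL_RE = re.compile(r"^(Failed password|Invalid user)\b")
_SSH_OK_RE = re.compile(r"^Accepted \w+ for ")


def decode_pri(pri) -> tuple:
    """Split a syslog PRI string such as "87" into (facility, severity)."""
    p = int(pri)
    return FACILITIES.get(p // 8, f"facility{p // 8}"), SEVERITIES[p % 8]


def triage(record: dict) -> dict:
    """Classify one forwarded record; ``alert`` is None when it is benign."""
    ident, msg = record["ident"], record["message"]
    facility, severity = decode_pri(record["pri"])
    out = {"host": record["host"], "ident": ident, "facility": facility,
           "severity": severity, "kind": None, "alert": None}
    if ident == "sshd":
        pam = _PAM_RE.match(msg)
        if pam:
            out["kind"], out["pam"] = "pam", pam.groupdict()
        elif _SSH_FAIL_RE.match(msg):
            out["kind"], out["alert"] = "auth_failure", f"SSH auth failure: {msg}"
        elif _SSH_OK_RE.match(msg):
            out["kind"] = "auth_success"
        else:
            out["kind"] = "sshd_other"
    elif ident == "audispd":
        out["kind"] = "tty"                 # keystroke records, decoded separately
    elif ident in ("clamav", "clamonacc"):
        out["kind"] = "av_scan"
        if msg != "No virus found":         # the page's clean-scan message
            out["alert"] = f"ClamAV ({ident}): {msg}"
    elif ident == "aide":
        out["kind"] = "integrity"
        if msg != "AIDE check passed.":     # the page's clean-check message
            out["alert"] = f"AIDE: {msg}"
    else:
        out["kind"], out["alert"] = "unknown_ident", f"unexpected ident {ident!r}"
    return out


def triage_line(line: str) -> dict:
    return triage(json.loads(line))


def triage_stream(lines) -> list:
    """Return the alerts (with host, kind and severity) for JSON lines."""
    alerts = []
    for line in lines:
        t = triage_line(line)
        if t["alert"]:
            alerts.append({"host": t["host"], "kind": t["kind"],
                           "severity": t["severity"], "alert": t["alert"]})
    return alerts


def _rec(pri, host, ident, message):
    """Build a constructed envelope with the fields the page documents."""
    return json.dumps({"pri": str(pri), "time": "2022-12-20T10:23:35+00:00",
                       "host": host, "ident": ident, "pid": "-", "msgid": "-",
                       "extradata": "-", "message": message,
                       "_gdch_cluster": "root-admin",
                       "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-x",
                       "_gdch_service_name": "inventory-machine-bm-x"})


# Constructed sample stream: the page's benign messages plus assumed bad ones.
SAMPLE_STREAM = [
    _rec(87, "zb-aa-bm01", "sshd", "pam_tty_audit(sshd:session): restored status to 0"),
    _rec(86, "zb-aa-bm01", "sshd", "Failed password for invalid user admin from 10.0.0.9 port 51022 ssh2"),
    _rec(14, "zk-aa-bm08", "audispd", 'node=ubuntu type=TTY msg=audit(1671531815.870:94280): tty pid=1217279 uid=0 auid=0 ses=3536 major=136 minor=0 comm="pager" data=71'),
    _rec(86, "zk-aa-bm09", "clamav", "No virus found"),
    _rec(86, "zk-aa-bm09", "clamonacc", "/tmp/payload.bin: Eicar-Test-Signature FOUND"),
    _rec(86, "zk-aa-bm08", "aide", "AIDE check passed."),
    _rec(86, "zk-aa-bm08", "aide", "AIDE found differences between database and filesystem!!"),
]

if __name__ == "__main__":
    for alert in triage_stream(SAMPLE_STREAM):
        print(alert)
```

The benign-message checks are deliberately exact-match allowlists: a new message shape from `clamav` or `aide` surfaces as an alert rather than being silently accepted, which is the safer failure mode for integrity and anti-malware sources.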
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated (UTC): 2025-09-04.