記錄和稽核記錄 (LOG 和 AL)

{
  "sourceIPs": [
    "10.253.165.26",
    "127.0.0.6"
  ],
  "description": "{
    \"queries\":
      [{
        \"refId\":\"A\",
        \"datasource\":
          {
            \"uid\":\"P762A5DD6F13C8B7A\",
            \"type\":\"loki\"
          },
        \"editorMode\":\"builder\",
        \"expr\":\"{service_name=\\\"grafana\\\"} |= ``\",
        \"queryType\":\"range\",
        \"key\":\"Q-fd978c0c-86fd-4c70-bb38-07737a3be3ad-0\",
        \"maxLines\":1000,
        \"legendFormat\":\"\",
        \"datasourceId\":3,
        \"intervalMs\":500,
        \"maxDataPoints\":1688
      }],
    \"range\":
      {
        \"from\":\"2022-12-02T21:22:03.496Z\",
        \"to\":\"2022-12-02T21:37:03.496Z\",
        \"raw\":{\"from\":\"now-15m\",\"to\":\"now\"}
      },
    \"from\":\"1670016123496\",
    \"to\":\"1670017023496\"
  }",
  "response": "Successful: 200 OK",
  "_gdch_namespace": "infra-obs-obs-system",
  "numBytesSent": 190079,
  "time": "2022-12-02T21:37:03.657277582Z",
  "user": {
    "issuer": "https://ais-core.org-1.zone1.google.gdch.test",
    "identity": "fop-infrastructure-operator@example.com"
  },
  "_gdch_service_name": "grafana",
  "_gdch_service_tenant": "infra-obs",
  "numBytesReceived": 3172,
  "resource": "/infra-obs/grafana/api/ds/query",
  "auditID": "b519ec65-d906-4a79-bcfe-a4e1984045fe",
  "action": "QUERY",
  "_gdch_cluster": "org-1-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd"
}

{
  "level": "Metadata",
  "auditID": "94c2106f-1fd1-428b-adbc-80ac48ef479e",
  "_gdch_cluster": "org-1-admin",
  "requestURI": "/apis/logging.gdc.goog/v1/namespaces/obs-system/loggingtargets/lt-cfg1",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-4gwpn",
  "verb": "update",
  "userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "responseStatus": {
    "metadata": {},
    "code": 200
  },
  "user": {
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-admin-controller-875778d98-99l6n"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "4800e06c-c96d-4e17-ae1a-b5a74eedf6ee"
      ]
    },
    "uid": "b18e586e-db0e-417e-9dff-1a722ab36bf4",
    "username": "system:serviceaccount:gpc-system:fleet-admin-controller",
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:gpc-system",
      "system:authenticated"
    ]
  },
  "annotations": {
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-admin-common-controller\" of ClusterRole \"fleet-admin-common-controllers-role\" to ServiceAccount \"fleet-admin-controller/gpc-system\""
  },
  "sourceIPs": [
    "10.253.164.209"
  ],
  "stage": "ResponseComplete",
  "kind": "Event",
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-06T14:37:41.035715Z",
  "objectRef": {
    "uid": "2e540720-ed23-4665-8c40-c399cb6be624",
    "namespace": "obs-system",
    "name": "lt-cfg1",
    "resource": "loggingtargets",
    "apiVersion": "v1",
    "apiGroup": "logging.gdc.goog",
    "resourceVersion": "5326570"
  },
  "requestReceivedTimestamp": "2022-12-06T14:37:40.942762Z",
  "_gdch_service_name": "apiserver"
}

{
  "level": "Metadata",
  "auditID": "94c2106f-1fd1-428b-adbc-80ac48ef479e",
  "_gdch_cluster": "org-1-admin",
  "requestURI": "/apis/logging.gdc.goog/v1/namespaces/obs-system/loggingrules/lr-cfg1",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-4gwpn",
  "verb": "update",
  "userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "responseStatus": {
    "metadata": {},
    "code": 200
  },
  "user": {
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-admin-controller-875778d98-99l6n"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "4800e06c-c96d-4e17-ae1a-b5a74eedf6ee"
      ]
    },
    "uid": "b18e586e-db0e-417e-9dff-1a722ab36bf4",
    "username": "system:serviceaccount:gpc-system:fleet-admin-controller",
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:gpc-system",
      "system:authenticated"
    ]
  },
  "annotations": {
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-admin-common-controller\" of ClusterRole \"fleet-admin-common-controllers-role\" to ServiceAccount \"fleet-admin-controller/gpc-system\""
  },
  "sourceIPs": [
    "10.253.164.209"
  ],
  "stage": "ResponseComplete",
  "kind": "Event",
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-06T14:37:41.035715Z",
  "objectRef": {
    "uid": "2e540720-ed23-4665-8c40-c399cb6be624",
    "namespace": "obs-system",
    "name": "lr-cfg1",
    "resource": "loggingrules",
    "apiVersion": "v1",
    "apiGroup": "logging.gdc.goog",
    "resourceVersion": "5326570"
  },
  "requestReceivedTimestamp": "2022-12-06T14:37:40.942762Z",
  "_gdch_service_name": "apiserver"
}

{
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-vrfkc",
  "_gdch_org_id": "root.zone1.google.gdch.test",
  "_gdch_org_name": "root",
  "_gdch_zone_id": "zone1",
  "annotations": {
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
  },
  "apiVersion": "audit.k8s.io/v1",
  "auditID": "ade605c0-8043-4231-8471-dc02b14ff327",
  "kind": "Event",
  "level": "Metadata",
  "objectRef": {
    "apiGroup": "logging.gdc.goog",
    "apiVersion": "v1",
    "name": "audit",
    "namespace": "alice",
    "resource": "siemorgforwarders"
  },
  "requestReceivedTimestamp": "2025-02-05T03:16:06.564964Z",
  "requestURI": "/apis/logging.gdc.goog/v1/namespaces/alice/siemorgforwarders/audit",
  "responseStatus": {
    "code": 200,
    "metadata": {}
  },
  "sourceIPs": [
    "10.200.0.4"
  ],
  "stage": "ResponseComplete",
  "stageTimestamp": "2025-02-05T03:16:06.567624Z",
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "userAgent": "k9s/v0.0.0 (linux/amd64) kubernetes/$Format",
  "verb": "get"
}