| Sumber log audit |
|
| Operasi yang diaudit |
Menjalankan kueri PromQL menggunakan antarmuka pengguna instance pemantauan
| Sumber log audit |
Proxy server |
| Jenis log |
Bidang data |
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "identity":"fop-cluster-admin@example.com", "issuer":"https://ais-core.org-1.zone1.google.gdch.test" } |
|
Target (Kolom dan nilai yang memanggil API) |
resource |
Misalnya,
|
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
action |
Nilai yang memungkinkan:
|
| Stempel waktu peristiwa |
time
|
Misalnya,
|
| Sumber tindakan |
|
Misalnya, "sourceIPs":[ "10.253.166.214", "127.0.0.6" ], "_gdch_service_name":"grafana" |
| Hasil | response |
Misalnya,
|
| Kolom lainnya | description |
Nilai description berisi kueri lengkap. Untuk mengetahui informasi selengkapnya, lihat Contoh log. |
Contoh log
{
"resource":"/infra-obs/grafana/api/ds/query",
"response":"Successful: 200 OK",
"_gdch_service_tenant":"infra-obs",
"sourceIPs":[
"10.253.166.214",
"127.0.0.6"
],
"_gdch_namespace":"infra-obs-obs-system",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:107.0) Gecko/20100101 Firefox/107.0",
"time":"2022-12-05T14:39:15.713354008Z",
"auditID":"6bba5ff1-97d9-4bf8-92af-4f63049448cf",
"numBytesSent":1821,
"action":"QUERY",
"_gdch_service_name":"grafana",
"numBytesReceived":2827,
"description":"{
\"queries\":[{
\"refId\":\"A\",
\"expr\":\"{container=\\\"grafana-proxy-server\\\"},
\"queryType\":\"range\",
\"datasource\":{\"uid\":\"P982945308D3682D1\",\"type\":\"loki\"},
\"key\":\"Q-c63373da-dec2-49c3-aa6c-4e5ba07ec8de-0\",
\"editorMode\":\"builder\",
\"maxLines\":1000,
\"legendFormat\":\"\",
\"datasourceId\":2,
\"intervalMs\":1000,
\"maxDataPoints\":2493
}],
\"range\":{
\"from\":\"2022-12-05T13:39:15.461Z\",
\"to\":\"2022-12-05T14:39:15.461Z\",
\"raw\":{\"from\":\"now-1h\",\"to\":\"now\"}
},
\"from\":\"1670247555461\",
\"to\":\"1670251155461\"
}",
"user":{
"identity":"fop-cluster-admin@example.com",
"issuer":"https://ais-core.org-1.zone1.google.gdch.test"
},
"_gdch_cluster":"org-1-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-whltm"
}
Menjalankan kueri PromQL menggunakan HTTP API
| Sumber log audit |
Proxy server |
| Jenis log |
Bidang data |
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "issuer":"https://ais-core.org-1.zone1.google.gdch.test", "identity":"fop-cluster-admin@example.com" } |
|
Target (Kolom dan nilai yang memanggil API) |
resource |
Misalnya,
|
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
action |
Nilai yang memungkinkan:
|
| Stempel waktu peristiwa |
time
|
Misalnya,
|
| Sumber tindakan |
|
Misalnya, "sourceIPs":[ "10.200.0.1", "127.0.0.6" ], "_gdch_service_name":"cortex" |
| Hasil | response |
Misalnya,
|
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"user":{
"issuer":"https://ais-core.org-1.zone1.google.gdch.test",
"identity":"fop-cluster-admin@example.com"
},
"_gdch_service_tenant":"infra-obs",
"_gdch_service_name":"cortex",
"resource":"/alertmanager/api/v2/alerts/groups?silenced=false&inhibited=false&active=true",
"time":"2022-12-05T18:20:50.616925009Z",
"action":"READ",
"numBytesReceived":2376,
"sourceIPs":[
"10.200.0.1",
"127.0.0.6"
],
"_gdch_namespace":"obs-system",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:107.0) Gecko/20100101 Firefox/107.0",
"numBytesSent":173,
"auditID":"8451a7b3-77f9-4878-9308-641b55a83865",
"response":"Successful: 200 OK",
"_gdch_cluster":"org-1-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2wqxp"
}
Melakukan operasi CRUD dasbor
| Sumber log audit | |
| Jenis log |
Bidang kontrol |
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "extra":{ "authentication.kubernetes.io/pod-name":["fleet-admin-controller-875778d98-dnkj2"], "authentication.kubernetes.io/pod-uid":["caa4df7a-ae04-458e-a616-1c6893ce6e46"] }, "username":"system:serviceaccount:gpc-system:fleet-admin-controller", "groups":[ "system:serviceaccounts", "system:serviceaccounts:gpc-system", "system:authenticated" ], "uid":"0b93d757-e3be-440a-b18a-4a2b524de156" } |
|
Target (Kolom dan nilai yang memanggil API) |
|
Misalnya, "requestURI":"/apis/observability.gdc.goog/v1/namespaces/alice-obs-system/dashboards", "objectRef":{ "apiVersion":"v1", "apiGroup":"observability.gdc.goog", "resource":"dashboards", "namespace":"alice-obs-system" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
Nilai yang memungkinkan:
|
| Stempel waktu peristiwa |
requestReceivedTimestamp
|
Misalnya,
|
| Sumber tindakan |
|
Misalnya, "sourceIPs":["10.253.166.100"], "_gdch_service_name":"apiserver" |
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "code":201, "metadata":{} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"user":{
"extra":{
"authentication.kubernetes.io/pod-name":["fleet-admin-controller-875778d98-dnkj2"],
"authentication.kubernetes.io/pod-uid":["caa4df7a-ae04-458e-a616-1c6893ce6e46"]
},
"username":"system:serviceaccount:gpc-system:fleet-admin-controller",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gpc-system",
"system:authenticated"
],
"uid":"0b93d757-e3be-440a-b18a-4a2b524de156"
},
"kind":"Event",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2wqxp",
"apiVersion":"audit.k8s.io/v1",
"_gdch_cluster":"org-1-admin",
"level":"Metadata",
"stageTimestamp":"2022-12-05T15:36:24.980257Z",
"auditID":"a060d80a-4a47-4490-a859-5d3ccff36d3d",
"requestReceivedTimestamp":"2022-12-05T15:36:24.980257Z",
"userAgent":"fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
"stage":"RequestReceived",
"requestURI":"/apis/observability.gdc.goog/v1/namespaces/alice-obs-system/dashboards",
"objectRef":{
"apiVersion":"v1",
"apiGroup":"observability.gdc.goog",
"resource":"dashboards",
"namespace":"alice-obs-system"
},
"verb":"create",
"sourceIPs":["10.253.166.100"],
"_gdch_service_name":"apiserver"
}
Melakukan operasi CRUD pemberitahuan
| Sumber log audit | |
| Jenis log |
Bidang kontrol |
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username":"kubernetes-admin", "groups":[ "system:masters", "system:authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
|
Misalnya, "requestURI":"/apis/monitoring.gdc.goog/v1/namespaces/alice/monitoringrules?fieldManager=kubectl-client-side-apply&fieldValidation=Strict", "objectRef":{ "apiVersion":"v1", "apiGroup":"monitoring.gdc.goog", "name":"obs-test-alert-sequel", "namespace":"alice", "resource":"monitoringrules" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
Nilai yang memungkinkan:
|
| Stempel waktu peristiwa |
requestReceivedTimestamp
|
Misalnya,
|
| Sumber tindakan |
|
Misalnya, "sourceIPs":["10.200.0.6"], "_gdch_service_name":"apiserver" |
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "code":201, "metadata":{} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"level":"Metadata",
"sourceIPs":[
"10.200.0.6"
],
"auditID":"753c3370-d3a5-4717-b84e-00fd56883fc4",
"requestURI":"/apis/monitoring.gdc.goog/v1/namespaces/alice/monitoringrules?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
"apiVersion":"audit.k8s.io/v1",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-fgkth",
"user":{
"username":"kubernetes-admin",
"groups":[
"system:masters",
"system:authenticated"
]
},
"userAgent":"kubectl/v1.25.4 (linux/amd64) kubernetes/872a965",
"verb":"create",
"stage":"ResponseComplete",
"stageTimestamp":"2022-12-05T16:28:50.636050Z",
"_gdch_cluster":"org-1-admin",
"objectRef":{
"apiVersion":"v1",
"apiGroup":"monitoring.gdc.goog",
"name":"obs-test-alert-sequel",
"namespace":"alice",
"resource":"monitoringrules"
},
"responseStatus":{
"code":201,
"metadata":{}
},
"kind":"Event",
"annotations":{
"authorization.k8s.io/reason":"",
"authorization.k8s.io/decision":"allow"
},
"requestReceivedTimestamp":"2022-12-05T16:28:50.619659Z",
"_gdch_service_name":"apiserver"
}