| 工作負載位置 |
僅限根層級工作負載 |
| 稽核記錄來源 | |
| 稽核的作業 |
資料變更 (CRUD 作業)
| 記錄項目中包含稽核資訊的欄位 | ||
|---|---|---|
| 稽核中繼資料 | 稽核欄位名稱 | 值 |
| 使用者或服務身分 | username |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
|
目標 (呼叫 API 的欄位和值) |
requestURI |
|
|
動作 (包含所執行作業的欄位) |
verb |
|
| 事件時間戳記 |
requestReceivedTimestamp
|
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 動作來源 | _gdch_service_name |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 結果 | responseStatus_code |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 其他欄位 | 不適用 | 不適用 |
範例記錄
{
"_gdch_cluster": "root-admin",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-w5srk",
"_gdch_service_name": "apiserver",
"annotations_authorization_k8s_io_decision": " allow",
"annotations_authorization_k8s_io_reason RBAC": allowed by ClusterRoleBinding "root-admin-common-controllers-rolebinding" of ClusterRole "root-admin-common-controllers-role" to ServiceAccount "root-admin-controller-sa/gpc-system",
"apiGroup" : "system.private.gdc.goog",
"apiVersion": "audit.k8s.io/v1",
"auditID": 05e72a29-1b18-4db7-9ded-8f51e3a145d8,
"cluster": "root-admin",
"fluentbit_pod": "anthos-audit-logs-forwarder-w5srk",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "system.private.gdc.goog",
"apiVersion": "v1alpha1",
"name": "ntp-relay-fhr6t",
"namespace": "gpc-system",
"resource": "ntpservers",
"subresource": "status"
},
"requestReceivedTimestamp": "2022-12-13T13:48:29.996912Z",
"requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/ntpservers/ntp-relay-fhr6t/status"
"responseStatus": {
"code": 200,
"metadata": {},
},
"service_name": "apiserver",
"stage": "ResponseComplete",
"stageTimestamp": "2022-12-13T13:48:30.014578Z",
"userAgent": "root-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
"user_uid": "c01df74a-a983-44db-8fd3-e0dae87c0796",
"user_username": "system:serviceaccount:gpc-system:root-admin-controller-sa",
"verb": "patch",
"Time" : "1670939310014",
"tsNs": "1670939310014791527"
}