I'm trying to audit access logs (including failed access attempts). I have a fluentd collector running so I can export the logs but I can't find them to export them! I thought this might help, but when I use the console and go to Workloads → Pods → fluentd or cluster logging logs I don't see auth events anywhere there.
Asked
Active
Viewed 628 times
3
-
1The link you posted is about general workload logs. Have you also checked [the audit log](https://docs.openshift.com/container-platform/4.2/nodes/nodes/nodes-nodes-audit-log.html)? – Simon May 15 '20 at 17:34
-
^ Thank you, I checked the audit logs. I pulled 500,000 lines of those for each of my cluster nodes and I'm searching them now. I see some oauth events, but I don't see user login details. – joar May 15 '20 at 18:35