Filebeat for Openshift and Kubernetes audit logs

Hi,

What’s the best way to collect Openshift and Kubernetes audit logs with Filebeats?

Auditbeat doesn’t seem to have any options to inspect Kube or OCP audit log files.

Thanks,
Sayeed

Anyone with an update? Should I use Filebeats or Auditbeat for these logs?

How about experimenting yourself with FB's auditd module? Did you try and got some results? See: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-auditd.html

I'll test it out. Thanks!