Filebeat for Openshift and Kubernetes audit logs


What’s the best way to collect Openshift and Kubernetes audit logs with Filebeats?

Auditbeat doesn’t seem to have any options to inspect Kube or OCP audit log files.


Anyone with an update? Should I use Filebeats or Auditbeat for these logs?

How about experimenting yourself with FB's auditd module? Did you try and got some results? See:

I'll test it out. Thanks!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.