Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Kubernetes Auditing to Communicate with JSA

 

To collect all events from Kubernetes Auditing, you must specify JSA as the syslog server.

A Kubernetes cluster must be running on your system.

Create a copy of the Kubernetes audit policy file.

If you are using the Container or the Kubernetes content extensions, you need the JSA audit policy file.

Make sure that rsyslog is installed and running on your system.

  1. Use SSH to log in to your Kubernetes Auditing console.
  2. In the /etc/Kubernetes/maifests/kube-apiserver.yaml file, define the audit-policyfile and audit-log-path parameters.
  3. Configure the rsyslog /etc/rsyslog.conf file to forward events that are logged in the audit.log file to JSA.
  4. Restart rsyslog by typing the following command:

    service rsyslog restart