Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Sample Event Message

 

Use these sample event messages as a way of verifying a successful integration with JSA.

The following table provides a sample event message when you use the Syslog protocol for the Kubernetes Auditing DSM.

Table 1: Kubernetes Auditing Sample Message Supported by the Kubernetes Auditing DSM

Event name

Low level category

Sample log message

Read the specified endpoints

Read Activity Succeeded

<133>Oct 21 10:37:55 test.example.com k8s-audit: {"kind":"Event",

"apiVersion": "audit.k8s.io/ v1","level":

"RequestResponse","auditID":"d30b40b8-4f6a-

4219-9828- a7f732518541", "stage":

"ResponseComplete","requestURI":"/api/v1

/namespaces/ default/endpoints

/kubernetes", "verb":"get","user":{"username":"system:apiserver","uid":"0f440c21-

a1c6-4ec3-84a4-50cd5dee2eb7", "groups":[

"system:masters"]},"sourceIPs":["::1"],"userAgent":"kubeapiserver

/ v1.15.2 (linux/amd64) kubernetes/f627830","objectRef": {"resource":

"endpoints","namespace":"default","name":

"kubernetes", "apiVersion":"v1"},"responseStatus":{"metadata": {},"code":200},"responseObject":{"kind":"Endpoints", "apiVersion":

"v1","metadata": {"name":"kubernetes","namespace":"default",

"selfLink":"/api/v1/ namespaces /default/endpoints/ kubernetes",

"uid":"1104e39a-46d2-4c35-92d2-5206dc6be4d2","resource Version"

:"156","creationTimestamp":"2019-10-21T13:18:48Z"

},"subsets": [{"addresses":

[{"ip":"192.0.2.0/24"}], "ports": [{"name":"https","port":6443,"protocol":"TCP"}]}]},"requestReceived

Timestamp":"2019-10-21T14:37:53.788926Z","stageTimestamp":

"2019-10-21T14:37:53.789945Z","annotations":{

"authorization.k8s.io/ decision":"allow", "authorization.k8s.io/reason":""}}