Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Kubernetes Auditing Sample Event Message

Use this sample event message as a way of verifying a successful integration with JSA.

The following table provides a sample event message when you use the Syslog protocol for the Kubernetes Auditing DSM.

Table 1: Kubernetes Auditing Sample Message Supported by the Kubernetes Auditing DSM

Event name

Low level category

Sample log message

Read the specified endpoints

Read Activity Succeeded

<133>Oct 21 10:37:55 test.example.com k8s-audit: {"kind":"Event", "apiVersion": "audit.k8s.io/ v1","level": "RequestResponse","auditID":"d30b40b8-4f6a- 4219-9828- a7f732518541", "stage": "ResponseComplete","requestURI":"/api/v1 /namespaces/ default/endpoints /kubernetes", "verb":"get","user": {"username":"system:apiserver", "uid":"0f440c21- a1c6-4ec3-84a4-50cd5dee2eb7", "groups":[ "system:masters"]},"sourceIPs": ["::1"],"userAgent":"kubeapiserver / v1.15.2 (linux/amd64) kubernetes/f627830","objectRef": {"resource": "endpoints","namespace":"default","name": "kubernetes", "apiVersion":"v1"},"responseStatus":{"metadata": {},"code":200},"responseObject":{"kind":"Endpoints", "apiVersion": "v1","metadata": {"name":"kubernetes","namespace":"default", "selfLink":"/api/v1/ namespaces /default/endpoints/ kubernetes", "uid":"1104e39a-46d2-4c35-92d2-5206dc6be4d2","resource Version" :"156","creationTimestamp":"2019-10-21T13:18:48Z" },"subsets": [{"addresses": [{"ip":"192.0.2.0/24"}], "ports": [{"name": "https","port":6443,"protocol": "TCP"}]}]},"requestReceived Timestamp":"2019-10-21T14: 37:53.788926Z","stageTimestamp": "2019-10-21T14:37:53.789945Z","annotations":{ "authorization.k8s.io/ decision":"allow", "authorization.k8s.io/reason":""}}