Open IanKWatts opened 1 month ago
All pod logs are being sent to the SIEM already, maybe just need to get a view set up in there to ensure they are easy to access and have sufficient retention? cc @NickCorcoran
We're keeping the server log and the audit log separate, because the first is a fixed-format normal log message, while the audit log messages are JSON objects. The lab cluster has been configured to send audit log messages to the SIEM; we're waiting to get confirmation that they're being received and will be useful to us for monitoring and alerts. We currently keep 30 days' worth of audit logs and they are copied to an S3 bucket.
Describe the issue
In the interest of security and reliability, configure Vault to copy log files to an external system.
What is the Value/Impact?
What is the plan? How will this get completed?
Identify any dependencies
n/a
Definition of done