From 3ea2d52ac12df688494ebbc41f1d3ca8fd0f1abe Mon Sep 17 00:00:00 2001 From: Ashleigh Brennan Date: Thu, 15 Feb 2024 14:50:55 -0600 Subject: [PATCH] OBSDOCS-280: Update internal log store refs --- .../configuring-log-forwarding.adoc | 7 +------ ...luster-logging-collector-log-forwarding-about.adoc | 6 ------ modules/cluster-logging-elasticsearch-audit.adoc | 9 +-------- snippets/audit-logs-default.adoc | 11 +++++++++++ 4 files changed, 13 insertions(+), 20 deletions(-) create mode 100644 snippets/audit-logs-default.adoc diff --git a/logging/log_collection_forwarding/configuring-log-forwarding.adoc b/logging/log_collection_forwarding/configuring-log-forwarding.adoc index 048ffcb2efd4..6351689ac8b4 100644 --- a/logging/log_collection_forwarding/configuring-log-forwarding.adoc +++ b/logging/log_collection_forwarding/configuring-log-forwarding.adoc @@ -7,12 +7,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -By default, the {logging} sends container and infrastructure logs to the default internal log store defined in the `ClusterLogging` custom resource. However, it does not send audit logs to the internal store because it does not provide secure storage. If this default configuration meets your needs, you do not need to configure the Cluster Log Forwarder. - -[NOTE] -==== -To send audit logs to the internal Elasticsearch log store, use the Cluster Log Forwarder as described in xref:../../logging/log_storage/logging-config-es-store.adoc#cluster-logging-elasticsearch-audit_logging-config-es-store[Forwarding audit logs to the log store]. -==== +include::snippets/audit-logs-default.adoc[] include::modules/cluster-logging-collector-log-forwarding-about.adoc[leveloffset=+1] diff --git a/modules/cluster-logging-collector-log-forwarding-about.adoc b/modules/cluster-logging-collector-log-forwarding-about.adoc index d5d2d93edae5..81c11ee7d605 100644 --- a/modules/cluster-logging-collector-log-forwarding-about.adoc 
+++ b/modules/cluster-logging-collector-log-forwarding-about.adoc @@ -27,16 +27,10 @@ _Secret_:: A `key:value map` that contains confidential data such as user creden Note the following: -* If a `ClusterLogForwarder` CR object exists, logs are not forwarded to the default Elasticsearch instance, unless there is a pipeline with the `default` output. - -* By default, the {logging} sends container and infrastructure logs to the default internal Elasticsearch log store defined in the `ClusterLogging` custom resource. However, it does not send audit logs to the internal store because it does not provide secure storage. If this default configuration meets your needs, do not configure the Log Forwarding API. - * If you do not define a pipeline for a log type, the logs of the undefined types are dropped. For example, if you specify a pipeline for the `application` and `audit` types, but do not specify a pipeline for the `infrastructure` type, `infrastructure` logs are dropped. * You can use multiple types of outputs in the `ClusterLogForwarder` custom resource (CR) to send logs to servers that support different protocols. -* The internal {product-title} Elasticsearch instance does not provide secure storage for audit logs. We recommend you ensure that the system to which you forward audit logs is compliant with your organizational and governmental regulations and is properly secured. The {logging} does not comply with those regulations. - The following example forwards the audit logs to a secure external Elasticsearch instance, the infrastructure logs to an insecure external Elasticsearch instance, the application logs to a Kafka broker, and the application logs from the `my-apps-logs` project to the internal Elasticsearch instance. .Sample log forwarding outputs and pipelines diff --git a/modules/cluster-logging-elasticsearch-audit.adoc b/modules/cluster-logging-elasticsearch-audit.adoc index 5041c8a83ef5..123917442b46 100644 
--- a/modules/cluster-logging-elasticsearch-audit.adoc +++ b/modules/cluster-logging-elasticsearch-audit.adoc @@ -6,14 +6,7 @@ [id="cluster-logging-elasticsearch-audit_{context}"] = Forwarding audit logs to the log store -By default, OpenShift Logging does not store audit logs in the internal {product-title} Elasticsearch log store. You can send audit logs to this log store so, for example, you can view them in Kibana. - -To send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API. - -[IMPORTANT] -==== -The internal {product-title} Elasticsearch log store does not provide secure storage for audit logs. Verify that the system to which you forward audit logs complies with your organizational and governmental regulations and is properly secured. {logging-uc} does not comply with those regulations. -==== +include::snippets/audit-logs-default.adoc[] .Procedure diff --git a/snippets/audit-logs-default.adoc b/snippets/audit-logs-default.adoc new file mode 100644 index 000000000000..29e1444dc967 --- /dev/null +++ b/snippets/audit-logs-default.adoc 
@@ -0,0 +1,11 @@ +// Module included in the following assemblies and modules: +// +// * logging/log_collection_forwarding/configuring-log-forwarding.adoc +// +// * modules/cluster-logging-elasticsearch-audit.adoc + +In a {logging} deployment, container and infrastructure logs are forwarded to the internal log store defined in the `ClusterLogging` custom resource (CR) by default. + +Audit logs are not forwarded to the internal log store by default because this does not provide secure storage. You are responsible for ensuring that the system to which you forward audit logs is compliant with your organizational and governmental regulations, and is properly secured. + +If this default configuration meets your needs, you do not need to configure a `ClusterLogForwarder` CR. If a `ClusterLogForwarder` CR exists, logs are not forwarded to the internal log store unless a pipeline is defined that contains the `default` output.
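Review bot: In logging/log_collection_forwarding/configuring-log-forwarding.adoc, the deleted NOTE carried the xref to "Forwarding audit logs to the log store" (`cluster-logging-elasticsearch-audit_logging-config-es-store`), and the snippet that replaces it has no link to that procedure. A reader who lands on this assembly and does want audit logs in the internal store now learns only that they are not forwarded by default. Suggest keeping a one-line xref directly after `include::snippets/audit-logs-default.adoc[]`, outside the snippet so the snippet stays reusable.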
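Review bot: In modules/cluster-logging-collector-log-forwarding-about.adoc, the "Note the following" list loses the bullet saying that an existing `ClusterLogForwarder` CR stops forwarding to the internal store unless a pipeline has the `default` output, and this module does not include the new snippet itself. It is only correct where the parent assembly includes `snippets/audit-logs-default.adoc` first, as configuring-log-forwarding.adoc does. Either include the snippet here or keep that one bullet. The security caveat for audit logs is also gone from the text that sits right before an example forwarding audit logs. The unchanged sentence after the list still says "internal Elasticsearch instance", which does not match the store-neutral "internal log store" wording this commit introduces.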
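Review bot: In modules/cluster-logging-elasticsearch-audit.adoc, the introduction to the procedure no longer says what the procedure is for. After the include, the last thing the reader sees before `.Procedure` is "If this default configuration meets your needs, you do not need to configure a `ClusterLogForwarder` CR", which argues against doing the steps that follow. The removed text explained that you use the Log Forwarding API to send audit logs to the internal store, for example to view them in Kibana. Suggest adding one sentence to that effect after the include. The `[IMPORTANT]` admonition is also replaced by a plain paragraph here; if the storage warning should stay prominent in a module whose purpose is to put audit logs in that store, keep it as an admonition around the relevant snippet sentence or in the module.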
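Review bot: In snippets/audit-logs-default.adoc, second paragraph, "because this does not provide secure storage" has an ambiguous antecedent: "this" can be read as the forwarding default rather than the internal log store. Suggest "because the internal log store does not provide secure storage". All three removed passages also stated that the {logging} itself does not comply with those regulations; the snippet keeps only "You are responsible for ensuring ...", so confirm that dropping the explicit non-compliance statement is intended. Minor: the header comment opens with "Module included in the following assemblies and modules" although the file is under snippets/; "Snippet included in ..." would be accurate.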