Access Logs

Access logs are a crucial aspect of monitoring your cluster activity, identifying security threats, and troubleshooting operational issues. Cloud Orbiter provides a robust solution for managing and analyzing your cluster access logs. There are several reasons why users may find cluster access logs to be important:

  1. Security

    Access logs can help identify security breaches or unauthorized access attempts. By reviewing access logs, users can detect anomalies in user behavior or identify suspicious activity that may indicate an attempted hack.

  2. Troubleshooting

    If a user experiences issues accessing a cluster, access logs can provide valuable information to troubleshoot the problem. By reviewing the logs, users can identify errors or misconfigurations that may be causing the issue.

  3. Compliance

    Access logs can be important for compliance purposes. Depending on the industry or organization, there may be regulations or policies that require logging of all access to a cluster. Users may need to review access logs to ensure compliance with these regulations or policies.

Each access log entry includes details such as the username, date and time of access, project, the user's IP address, and the specific API endpoint that was accessed.

For example,

Time                   Username       Project       Operation  IP Address     API
16/3/2023, 2:28:07 pm  xxxx@yyyy.com  default-user  GET        174.91.166.94  /api/v1/namespaces/default/pods?limit=500

This log entry provides specific information about a user's API access. The user, "xxxx@yyyy.com", accessed the API endpoint "/api/v1/namespaces/default/pods?limit=500" using the HTTP method "GET". The access was made from the IP address "174.91.166.94" at 2:28:07 pm on March 16, 2023, with "default-project" as the selected project.

Accessing Cluster Access Logs

With Cloud Orbiter, accessing your cluster access logs is straightforward.

  1. Log in to the Cloud Orbiter platform using your credentials.

  2. Navigate to the cluster section in the menu bar.

  3. Select the "access logs" option.

  4. This will display two tabs: "live logs" and "audit logs."

Audit Logs

The "audit logs" tab provides a historical view of all the access logs, making it easy to investigate past events and troubleshoot issues. With the audit logs feature, you can:

Analyze user activity, track changes made to your system, and identify potential security threats.

Troubleshoot operational issues by reviewing past events.

Gain insights into the long-term behavior of your system.

Each audit log entry includes details such as the username, date and time of access, the user's IP address, and the specific API endpoint that was accessed.

For example,

Time                   Username       Operation  IP Address     API
16/3/2023, 2:28:07 pm  xxxx@yyyy.com  GET        174.91.166.94  /api/v1/namespaces/default/pods?limit=500

This log entry provides specific information about a user's API access. The user, "xxxx@yyyy.com", accessed the API endpoint "/api/v1/namespaces/default/pods?limit=500" using the HTTP method "GET". The access was made from the IP address "174.91.166.94" at 2:28:07 pm on March 16, 2023.

The audit logs can be easily searched and filtered using various criteria such as user, date and time, IP address, and API endpoint. This allows you to quickly find specific entries in the log and pinpoint any issues or anomalies.
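The same kind of review can be scripted over audit log entries. The following is an added example, not Cloud Orbiter code: it assumes rows are available as tab-separated text in the audit log column order shown above, and every sample row after the first is constructed. It flags an entry when a known user appears from a source IP not seen before for that user, or when the operation is not read-only.

```python
from collections import defaultdict
from datetime import datetime

FIELDS = ["time", "username", "operation", "ip", "api"]
TIME_FORMAT = "%d/%m/%Y, %I:%M:%S %p"   # matches "16/3/2023, 2:28:07 pm"
READ_ONLY = {"GET", "HEAD", "OPTIONS"}  # HTTP methods that do not change state

# First row is the entry from the page; the rest are constructed samples.
# Tab-separated export is an assumption, not a documented Cloud Orbiter format.
SAMPLE = (
    "16/3/2023, 2:28:07 pm\txxxx@yyyy.com\tGET\t174.91.166.94\t/api/v1/namespaces/default/pods?limit=500\n"
    "16/3/2023, 2:31:40 pm\txxxx@yyyy.com\tGET\t174.91.166.94\t/api/v1/namespaces/default/services\n"
    "17/3/2023, 3:02:15 am\txxxx@yyyy.com\tDELETE\t203.0.113.7\t/api/v1/namespaces/default/pods/web-0\n"
    "17/3/2023, 9:10:00 am\tops@yyyy.com\tGET\t198.51.100.20\t/api/v1/nodes\n"
)

def parse_rows(text):
    """Parse tab-separated audit rows into dicts, sorted by access time."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != len(FIELDS):
            raise ValueError(f"unexpected column count: {line!r}")
        entry = dict(zip(FIELDS, cols))
        entry["time"] = datetime.strptime(entry["time"], TIME_FORMAT)
        entries.append(entry)
    return sorted(entries, key=lambda e: e["time"])

def flag_entries(entries):
    """Return (entry, reasons) pairs for entries that deserve a closer look."""
    seen_ips = defaultdict(set)   # username -> source IPs seen so far
    findings = []
    for e in entries:
        reasons = []
        known = seen_ips[e["username"]]
        if known and e["ip"] not in known:
            reasons.append("new source IP for user")
        if e["operation"].upper() not in READ_ONLY:
            reasons.append("write operation")
        known.add(e["ip"])
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    for e, reasons in flag_entries(parse_rows(SAMPLE)):
        print(e["time"].isoformat(), e["username"], e["operation"], e["ip"], e["api"], "->", ", ".join(reasons))
```

A user's first entry sets their baseline, so the quality of the "new source IP" signal depends on how much history is loaded before the period under review.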

Live Logs

The "live logs" tab provides a continuous stream of log events as they occur in your cluster, enabling you to monitor your system's performance and quickly identify any issues. For instance, you can track the number of requests, response times, and error rates, and take action to optimize your system accordingly. The live logs feature helps you:

Monitor system performance in real time.

Identify issues and take prompt action to resolve them.

Analyze system behavior, such as request volume and error rate.