As a cluster administrator, you can deploy {logging} on an {product-title} cluster, and use it to collect and aggregate node system audit logs, application container logs, and infrastructure logs. You can forward logs to your chosen log outputs, including on-cluster, Red Hat managed log storage. You can also visualize your log data in the {product-title} web console, or the Kibana web console, depending on your deployed log storage solution.
{product-title} cluster administrators can deploy {logging} by using Operators. For information, see Installing {logging}.
The Operators are responsible for deploying, upgrading, and maintaining {logging}. After the Operators are installed, you can create a ClusterLogging custom resource (CR) to schedule {logging} pods and other resources necessary to support {logging}. You can also create a ClusterLogForwarder CR to specify which logs are collected, how they are transformed, and where they are forwarded to.
Note: Because the internal {product-title} Elasticsearch log store does not provide secure storage for audit logs, audit logs are not stored in the internal Elasticsearch instance by default. If you want to send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API as described in Forward audit logs to the log store.
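A ClusterLogForwarder CR that sends audit logs to the internal log store alongside the other log types, shown here as an added example that is not part of the original page. It assumes the `logging.openshift.io/v1` API version, the CR name `instance`, and the `openshift-logging` namespace; the pipeline name is a constructed placeholder.

```yaml
# Added example; apiVersion, CR name and namespace are assumptions
# about the deployed logging release, not values from this page.
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  pipelines:
  - name: all-to-default        # constructed pipeline name
    inputRefs:
    - infrastructure
    - application
    - audit                     # audit logs are forwarded only when listed explicitly
    outputRefs:
    - default                   # the internal Elasticsearch log store
```

Because the internal store does not provide secure storage for audit logs, restrict access to the resulting audit indices in Kibana to the administrators who need them.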
For information, see About collecting and storing Kubernetes events.
For information, see About exporting fields.
For information, see Collecting and storing Kubernetes events.