AuditConfigs

An AuditConfig custom resource (CR) is used to send K10 audit event logs to a cloud object store by using a reference to a Location Profile.

Creating an Audit Config
Updating an Audit Config
Deleting an Audit Config

Creating an Audit Config 

When creating an AuditConfig, you first need to create a Location Profile that points to a cloud object store.

With a Location Profile already defined, you can now create an Audit Config by executing the following commands:

$ cat <<EOF >>sample-audit-config.yaml
apiVersion: config.kio.kasten.io/v1alpha1
kind: AuditConfig
metadata:
  name: sample-audit-config
  namespace: kasten-io
spec:
  profile:
    name: audit-s3
    namespace: kasten-io
EOF

$ kubectl apply -f sample-audit-config.yaml
auditconfig.config.kio.kasten.io/sample-audit-config created

# Make sure it is initialized and validated properly
$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                STATUS    AGE
sample-config       Success   5s

The AuditConfig can assume four different statuses:

Status	Meaning
Pending	Created and waiting for Location Profile
UpdateRequested	Audit Config or Location Profile has changed
DeleteRequested	Stop sending logs to this Location Profile
Success	Sending logs to this Location Profile

Updating an Audit Config 

To update an AuditConfig, edit the spec portion using your preferred method for submitting resource changes with kubectl.

$ kubectl apply -f sample-audit-config-changed.yaml
auditconfig.config.kio.kasten.io/sample-audit-config configured

Once the change is submitted, K10 will re-validate the audit config and update .status.validation accordingly.

$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                    STATUS    AGE
sample-audit-config     Success   7s

This action will trigger the extended audit mechanism to update and send logs to the updated Location Profile.

Deleting an Audit Config 

You can delete an AuditConfig using the following command:

# Delete audit config "sample-audit-config" for K10 installed in "kasten-io"
$ kubectl delete auditconfigs.config.kio.kasten.io sample-audit-config --namespace kasten-io
auditconfig.config.kio.kasten.io "sample-audit-config" deleted

This action will trigger the extended audit mechanism to stop sending logs to this Location Profile.

AuditConfigs

Creating an Audit Config

Updating an Audit Config

Deleting an Audit Config

Creating an Audit Config 

Updating an Audit Config 

Deleting an Audit Config 