Container Audit Overview
What Is Container Audit?
Container audit keeps track of the operations and activities in your container clusters and gives you insight into every phase of the container lifecycle: creating, starting, stopping, and destroying containers. By auditing and analyzing these records, you can find and handle security problems in a timely manner and keep your container clusters secure and stable.
Audit Objects
- Cluster container: Kubernetes audit logs, Kubernetes events, container logs, and container commands
- Independent container: container logs and container commands
- SWR image repository: image repository logs
Scenario
If an abnormal operation or activity occurs in the container environment, you can analyze container audit logs to locate the occurrence time, track the event, and work out a solution.
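The workflow described above (locate the time of an abnormal operation, then trace the event) can be illustrated on Kubernetes audit logs, one of the audit objects listed earlier. The following is an added example and not code from this page or from HSS; it assumes the standard Kubernetes `audit.k8s.io/v1` JSON-lines format rather than the HSS console's own export format, and all log lines in it are constructed sample data. It parses the lines, flags the events a defender would look at first (interactive access to a container, pod deletion, denied requests, secret reads), builds a chronological timeline, and reconstructs everything that touched one pod.

```python
import json
from datetime import datetime

# Constructed sample lines in the standard Kubernetes audit event format
# (audit.k8s.io/v1, one JSON object per line). Not real cluster data; the
# third line is deliberately truncated to show that bad lines are skipped.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods","verb":"list","user":{"username":"system:serviceaccount:monitoring:prometheus"},"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-05-01T10:00:00.000000Z","stageTimestamp":"2024-05-01T10:00:00.050000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"a2","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods/web-0/exec?command=sh&stdin=true&tty=true","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-0","subresource":"exec"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2024-05-01T10:05:12.000000Z","stageTimestamp":"2024-05-01T10:05:12.200000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"bad","stage":"ResponseComp
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","auditID":"a3","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods/web-0","verb":"delete","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-0"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-05-01T10:07:30.000000Z","stageTimestamp":"2024-05-01T10:07:30.100000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a4","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","verb":"get","user":{"username":"system:serviceaccount:prod:default"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-05-01T10:09:00.000000Z","stageTimestamp":"2024-05-01T10:09:00.010000Z"}
"""

# Pod subresources that open an interactive or network path into a running container.
INTERACTIVE_SUBRESOURCES = {"exec", "attach", "portforward"}


def parse_audit_log(text):
    """Parse JSON-lines audit output; keep completed requests only, skip malformed lines."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a truncated or non-JSON line must not abort the whole analysis
        if ev.get("kind") != "Event" or ev.get("stage") != "ResponseComplete":
            continue  # earlier stages duplicate the same request; count each request once
        events.append(ev)
    return events


def event_time(ev):
    """Occurrence time of the request as an aware datetime (RFC 3339 'Z' suffix)."""
    ts = ev.get("requestReceivedTimestamp") or ev["stageTimestamp"]
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def classify(ev):
    """Return a short reason if the event deserves an analyst's attention, else None."""
    ref = ev.get("objectRef", {})
    code = ev.get("responseStatus", {}).get("code", 0)
    if ref.get("subresource") in INTERACTIVE_SUBRESOURCES:
        return "interactive access to container (%s)" % ref["subresource"]
    if ref.get("resource") == "pods" and ev.get("verb") == "delete":
        return "pod deleted"
    if code in (401, 403):
        return "request denied (HTTP %d)" % code
    if ref.get("resource") == "secrets" and ev.get("verb") in ("get", "list", "watch"):
        return "secret read"
    return None


def build_timeline(events):
    """Chronological (time, user, verb, target, reason) rows for flagged events only."""
    rows = []
    for ev in events:
        reason = classify(ev)
        if reason is None:
            continue
        ref = ev.get("objectRef", {})
        target = "/".join(p for p in (ref.get("namespace"), ref.get("resource"), ref.get("name")) if p)
        rows.append((event_time(ev), ev.get("user", {}).get("username", "?"), ev.get("verb"), target, reason))
    rows.sort(key=lambda r: r[0])
    return rows


def pod_lifecycle(events, namespace, name):
    """Every completed request that touched one pod, oldest first (the 'track the event' step)."""
    hits = [ev for ev in events
            if ev.get("objectRef", {}).get("resource") == "pods"
            and ev["objectRef"].get("namespace") == namespace
            and ev["objectRef"].get("name") == name]
    hits.sort(key=event_time)
    return hits


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for when, user, verb, target, reason in build_timeline(evs):
        print(when.isoformat(), user, verb, target, "->", reason)
    for ev in pod_lifecycle(evs, "prod", "web-0"):
        print("web-0:", ev["auditID"], ev["verb"], ev.get("objectRef", {}).get("subresource", ""))
```

Run on the constructed sample, the timeline shows the `exec` into `web-0`, the deletion of the same pod by the same user two minutes later, and a denied secret read from a default service account; the routine list request from the monitoring account is left out. Filtering on `ResponseComplete` keeps one row per request, and `requestReceivedTimestamp` is preferred over `stageTimestamp` because it marks when the operation actually occurred.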
Constraints and Limitations
The cluster container or independent container must be protected by the container edition.
Description
To enable container audit, the following conditions must be met:
- The cluster container or independent container has been connected to HSS, and is protected by the container edition.
For more information, see Installing an Agent in a Cluster and Enabling Container Protection.
- The prerequisites for the relevant audit objects, listed in Table 1, are met.
Table 1 Audit prerequisites

| Object | Audit Object | Audit Prerequisite |
|---|---|---|
| Cloud CCE clusters | Kubernetes audit logs, Kubernetes audit events, container logs | On the CCE console, enable the collection of Kubernetes events, Kubernetes audit logs, and container logs. |
| SWR private image repository | Image repository logs | You have used SWR and granted the operation permission (CTSOperatePolicy) for HSS. For details, see Authorization. |
After container audit is enabled, operation and activity logs in the cluster are recorded on the HSS console. For details about how to view audit logs, see Viewing Container Audit Logs.