|
| 1 | +// Module included in the following assembly: |
| 2 | +// assembly-audit-log.adoc |
| 3 | + |
| 4 | +[id="ref-audit-log-file-rotation-overview_{context}"] |
| 5 | += Audit log file rotation in {product} |
| 6 | + |
| 7 | +Logging to a rotating file in {product} is helpful for persistent storage of audit logs. |
| 8 | + |
| 9 | +Persistent storage ensures that the file remains intact even after a pod is restarted. Audit log file rotation creates a new file at regular intervals, with only new data being written to the latest file. |
| 10 | + |
| 11 | +Default settings:: |
| 12 | + |
| 13 | +Audit logging to a rotating file is disabled by default. When it is enabled, the default behavior changes to: |
| 14 | + |
| 15 | +* Rotate logs at midnight (local system timezone). |
| 16 | +* Log file format: `redhat-developer-hub-audit-%DATE%.log`. |
| 17 | +* Log files are stored in `/var/log/redhat-developer-hub/audit`. |
| 18 | +* No automatic log file deletion. |
| 19 | +* No gzip compression of archived logs. |
| 20 | +* No file size limit. |
| 21 | + |
| 22 | +Audit logs are written in the `/var/log/redhat-developer-hub/audit` directory. |
| 23 | + |
| 24 | +Log file names:: |
| 25 | + |
| 26 | +Audit log file names are in the following format: |
| 27 | + |
| 28 | +`redhat-developer-hub-audit-%DATE%.log` |
| 29 | + |
| 30 | +where `%DATE%` is the format specified in `auditLog.rotateFile.dateFormat`. You can customize file names when you configure file rotation. |
| 31 | + |
| 32 | +File rotation date and frequency:: |
| 33 | + |
| 34 | +Supported `auditLog.rotateFile.frequency` options include: |
| 35 | + |
| 36 | +* `daily`: Rotate daily at 00:00 local time |
| 37 | +* `Xm`: Rotate every `X` minutes (where X is a number between 0 and 59) |
| 38 | +* `Xh`: Rotate every `X` hours (where X is a number between 0 and 23) |
| 39 | +* `test`: Rotate every 1 minute |
| 40 | +* `custom`: Use `dateFormat` to set the rotation frequency (default if frequency is not specified) |
| 41 | + |
| 42 | +If `frequency` is set to `Xh`, `Xm` or `test`, the `dateFormat` setting must be configured in a format that includes the specified time component. Otherwise, the rotation might not work as expected. |
| 43 | + |
| 44 | +For example, use `dateFormat: 'YYYY-MM-DD-HH` for hourly rotation, and `dateFormat: 'YYYY-MM-DD-HH-mm` for minute rotation. |
| 45 | + |
| 46 | +.Example minute rotation: |
| 47 | +[source,yaml] |
| 48 | +---- |
| 49 | +auditLog: |
| 50 | + rotateFile: |
| 51 | + # If you want to rotate the file every 17 minutes |
| 52 | + dateFormat: 'YYYY-MM-DD-HH-mm' |
| 53 | + frequency: '17m' |
| 54 | +---- |
| 55 | + |
| 56 | +The `dateFormat` setting configures both the `%DATE%` in `logFileName` and the file rotation frequency if `frequency` is set to `custom`. The default format is `YYYY-MM-DD`, meaning daily rotation. Supported values are based on link:https://momentjs.com/docs/#/displaying/format/[Moment.js formats]. |
| 57 | + |
| 58 | +If the `frequency` is set to `custom`, then rotations take place when the date string, which is represented in the specified `dateFormat`, changes. |
| 59 | + |
| 60 | +Archive and delete:: |
| 61 | + |
| 62 | +By default, log files are not archived or deleted. |
| 63 | + |
| 64 | +Enable and configure audit file rotation:: |
| 65 | + |
| 66 | +If you are an administrator of {product-short}, you can enable file rotation for audit logs, and configure the file log location, name format, frequency, log file size, retention policy, and archiving. |
| 67 | + |
| 68 | +.Example audit log file rotation configuration |
| 69 | +[source,yaml] |
| 70 | +---- |
| 71 | +auditLog: |
| 72 | + rotateFile: |
| 73 | + enabled: true <1> |
| 74 | + logFileDirPath: /custom-path <2> |
| 75 | + logFileName: custom-audit-log-%DATE%.log <3> |
| 76 | + frequency: '12h' <4> |
| 77 | + dateFormat: 'YYYY-MM-DD' <5> |
| 78 | + utc: false <6> |
| 79 | + maxSize: 100m <7> |
| 80 | + maxFilesOrDays: 14 <8> |
| 81 | + zippedArchive: true <9> |
| 82 | +---- |
| 83 | +<1> Set `enabled` to `true` to use audit log file rotation. By default, it is set to `false`. |
| 84 | +<2> Absolute path to the log file. The specified directory is created automatically if it does not exist. |
| 85 | +<3> Default log file name format. |
| 86 | +<4> If no frequency is specified, then the default file rotation occurs daily at 00:00 local time. |
| 87 | +<5> Default date format. |
| 88 | +<6> Set `utc` to `true` to use UTC time for `dateFormat` instead of local time. |
| 89 | +<7> Sets a maximum file size limit for the audit log. In this example, the maximum size is 100m. |
| 90 | +<8> If set to number of files, for example `14`, then it deletes the oldest log when there are more than 14 log files. If set to number of days, for example `5d`, then it deletes logs older than 5 days. |
| 91 | +<9> Archive and compress rotated logs using `gzip`. The default value is `false`. |
| 92 | + |
| 93 | +[NOTE] |
| 94 | +==== |
| 95 | +* By default, log files are not archived or deleted. If log deletion is enabled, then a `.<sha256 hash>-audit.json` is generated in the directory where the logs are to track generated logs. Any log file not contained in the directory is not subject to automatic deletion. |
| 96 | +* A new `.<sha256 hash>-audit.json` file is generated each time the backend starts, which causes previous audit logs to stop being tracked or deleted, except for those still in use by the current backend. |
| 97 | +==== |
0 commit comments