Kubernetes Audit with Elasticsearch and Kibana

Overview

Audit logs: The key to finding Kubernetes events in an API server

Step-by-step guide

Create a cluster with the logging feature (self-hosted Elasticsearch/Kibana) enabled.

Download the audit-dashboard file you need:

  1. for Kibana 5.x (Kublr 1.9 or earlier)

  2. for Kibana 6.x (Kublr 1.10 or newer)

  3. for Centralized logging

Open Kibana (click the link on the cluster’s overview page) and import the audit-dashboard file:

  1. Log into Kibana (with user/password from the Kube Config File)
  2. Navigate to Management > Saved Objects
  3. Click on Import > Select the required file
  4. The audit-dashboard should be created with a name corresponding to the file name
  5. Navigate to the Dashboard menu and click on audit-dashboard

Audit Dashboard

Note: If you find import errors, you’ll need to import the dashboard again.