Filtering logs while forwarding with OpenShift Logging in OpenShift 4

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Logging (RHOL)
    • 5
    • 6
  • Log Forwarding

Issue

  • Add multiple Syslog facilities and severities for audit logs.
  • How to filter forwarded logs in OpenShift 4.

Resolution

Red Hat OpenShift Logging supports filtering logs while forwarding by selecting log streams by origin (pod name, namespace, labels). More details are in "forwarding application logs from specific projects" and "forwarding application logs from specific pods".

Audit logs can also be filtered directly, as described in "customize and filter audit logs in OpenShift 4". An example of using the Kube API audit filter to reduce the number of logs sent to the outputs can be found in "how to extract user events from OpenShift audit logs using the API Audit filter".
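A RHOL 6 `ClusterLogForwarder` that applies a Kube API audit filter before forwarding audit logs to a syslog output, as an added example that is not taken from this article or the linked solutions. The resource names, service account, syslog URL, facility, severity and the rule set are assumptions to adapt.

```yaml
# Added example: names, URL and rules are assumptions, not values from the article.
apiVersion: observability.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: audit-forwarder              # hypothetical name
  namespace: openshift-logging
spec:
  serviceAccount:
    name: audit-collector            # hypothetical; must be allowed to collect audit logs
  filters:
    - name: reduce-audit
      type: kubeAPIAudit
      kubeAPIAudit:
        # Skip the early event emitted before a request has been processed.
        omitStages:
          - RequestReceived
        # Rules are evaluated in order; the first matching rule sets the level.
        rules:
          # Keep only metadata for secrets and config maps so payloads never leave the cluster.
          - level: Metadata
            resources:
              - group: ""
                resources: ["secrets", "configmaps"]
          # Drop high-volume read-only requests made by nodes.
          - level: None
            userGroups: ["system:nodes"]
            verbs: ["get", "list", "watch"]
          # Keep request bodies for RBAC changes.
          - level: Request
            verbs: ["create", "update", "patch", "delete"]
            resources:
              - group: "rbac.authorization.k8s.io"
          # Everything else is forwarded with metadata only.
          - level: Metadata
  outputs:
    - name: siem-syslog              # hypothetical output
      type: syslog
      syslog:
        url: tls://syslog.example.com:6514   # placeholder endpoint
        rfc: RFC5424
        facility: local0
        severity: informational
  pipelines:
    - name: audit-to-siem
      inputRefs: [audit]
      filterRefs: [reduce-audit]
      outputRefs: [siem-syslog]
```

Events matched by a `level: None` rule never reach the output, so review each such rule against the detections that rely on audit data before applying it.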

For additional information in RHOL 6 documentation, refer to:

Root Cause

Filtering and size control for audit logs was added to RHOL 5.8 by OBSDA-339: Filter and control size of audit logs, and is supported in OCP versions from 4.12. Advanced filtering was added to RHOL 5.9 by OBSDA-228: Log filtering and collecting, and is supported in OCP versions from 4.13.

Note that RHOL 5 has been EOL since November 3, 2025, as explained in the Red Hat Logging 5.9 Release Notes, so RHOL 6 must be used to get support.
