ClusterLogForwarder is not sending full audit logs - Red Hat Customer Portal

Issue

Enabled ClusterLogForwarder to send audit logs to our external log aggregator
Full audit logs are not appearing
Checking the OpenShift audit logs on the node using oc node-logs I see full log entries
But when I receive the output from the ClusterLogForwarder I am only getting the following:

Jan 2 12:12:10 fluentd-xxxxx fluentd: type=ANOM_PROMISCUOUS msg=audit(xxxxxxxxxx.989:205): dev=vethxxxxxxxx prom=0 old_prom=256 auid=4xxxxxxx5 uid=800 gid=801 ses=4xxxxxxx 5AUID="unset" UID="openvswitch" GID="xxxxxfs"

Set payloadKey to message to capture audit messages

Environment

Red Hat OpenShift Container Platform
- 4.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2024 Red Hat, Inc.

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)