Log forwarding of audit logs in CEF format in OCP 4

Solution Verified - Updated -

Issue

  • Can OpenShift audit logs be forwarded to an external SIEM in Common Event Format (CEF) instead of the currently supported formats?
  • Is it possible to use the CEF format for sending the audit logs?
  • Is CEF supported for audit log forwarding through OpenShift Logging?
  • Is it possible to use the CEF format for log forwarding the logs to one external SIEM system?

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Logging (RHOL)
    • 5
    • 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content