OpenShift audit logs in OSD and ROSA

Resolution

As explained in the Logging section of the ROSA Service Definition and in the Logging section of the OSD Service Definition, it's possible to integrate the OSD and ROSA logging with AWS CloudWatch.

To integrate the OSD/ROSA logging with AWS CloudWatch, refer to the documentation for Forwarding logs to Amazon CloudWatch (RHOL needs to be installed, as the Cluster Logging Operator add-on is now deprecated). It is also possible to forward the audit logs to other external third-party logging systems supported by the Red Hat OpenShift Logging operator.

For ROSA (Red Hat OpenShift Services on AWS) and OSD clusters with CCS account, it's possible to collect audit logs with the oc adm must-gather command as explained in Gathering audit logs in ROSA and Gathering audit logs in OSD:

$ oc adm must-gather -- /usr/bin/gather_audit_logs

Note: Audit logs rotate approximately every 24 hours in the nodes.

For non-CCS OSD clusters (as no cluster-admin is provided), if the integration with AWS CloudWatch or any other logging systems is not configured, it's possible to request the audit logs by opening a support case with Red Hat.

IMPORTANT: The application and infrastructure logs are not stored by Red Hat and cannot be requested this way. For the application and infrastructure logs, it's needed to configure the Red Hat OpenShift Logging operator to collect those logs.