I guess there was a problem with the Log Analytics service in West Europe...
This morning the kube audit logs are being ingested again by our log-analytics workspace.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi everyone,
currently we're trying out enabling kube-audit-admin diagnostic setting in our dev cluster to better monitor our cluster actions and suspicious activity. Since it's only a dev cluster I enable the diagnostic settings for tests and usually delete the diagnostic settings and after I've tried out what I wanted and it usually works without problems. However since yesterday the logs aren't being ingested anymore by our log analytics workspace, even when the diagnostic setting is enabled with the correct target log-analytics-workspace.
We also get a warning, that the size of the audit log is too large and has been trimmed, however as I can tell, this was always the case, and there doesn't seem a way to adjust the kube-audit-admin logs anyway, since there's no way to change the audit policy of the cluster.
Does anyone have a similar problem as me? Did something change in the behaviour of audit logs in AKS or the Log analytics workspaces?
The only change I can find regarding the kube audit logs is from the AKS Release 2022-08-14 and I don't really understand what exactly changed here.
I hope someone can point me in the right direction :) Thanks for reading
I guess there was a problem with the Log Analytics service in West Europe...
This morning the kube audit logs are being ingested again by our log-analytics workspace.