Skip to content

Commit 11ded3a

Browse files
authored
Merge pull request #83281 from ShaunaDiaz/OSDOCS-12116
OSDOCS-12116: clarify user-replaceable values for procedure
2 parents 8bdb5ba + 336c3f8 commit 11ded3a

File tree

1 file changed

+16
-12
lines changed

1 file changed

+16
-12
lines changed

modules/microshift-viewing-audit-logs.adoc

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -21,25 +21,28 @@ You can identify pod security admission violations on a workload by viewing the
2121
----
2222
$ <node_name>=$(oc get node -ojsonpath='{.items[0].metadata.name}')
2323
----
24+
//output example?
25+
2426
. To view the audit logs, run the following command:
2527
+
2628
[source,terminal]
2729
----
28-
$ oc adm node-logs <node_name> --path=kube-apiserver/
30+
$ oc adm node-logs <node_name> --path=kube-apiserver/ <1>
2931
----
32+
<1> Replace _<node_name>_ with the name of the node retrieved from the previous step.
3033
+
3134
.Example output
3235
[source,terminal]
3336
----
34-
rhel-92.lab.local audit-2023-08-18T18-25-41.663.log
35-
rhel-92.lab.local audit-2023-08-19T11-21-29.225.log
36-
rhel-92.lab.local audit-2023-08-20T04-16-09.622.log
37-
rhel-92.lab.local audit-2023-08-20T21-11-41.163.log
38-
rhel-92.lab.local audit-2023-08-21T14-06-10.402.log
39-
rhel-92.lab.local audit-2023-08-22T06-35-10.392.log
40-
rhel-92.lab.local audit-2023-08-22T23-26-27.667.log
41-
rhel-92.lab.local audit-2023-08-23T16-52-15.456.log
42-
rhel-92.lab.local audit-2023-08-24T07-31-55.238.log
37+
rhel-94.lab.local audit-2024-10-18T18-25-41.663.log
38+
rhel-94.lab.local audit-2024-10-19T11-21-29.225.log
39+
rhel-94.lab.local audit-2024-10-20T04-16-09.622.log
40+
rhel-94.lab.local audit-2024-10-20T21-11-41.163.log
41+
rhel-94.lab.local audit-2024-10-21T14-06-10.402.log
42+
rhel-94.lab.local audit-2024-10-22T06-35-10.392.log
43+
rhel-94.lab.local audit-2024-10-22T23-26-27.667.log
44+
rhel-94.lab.local audit-2024-10-23T16-52-15.456.log
45+
rhel-94.lab.local audit-2024-10-24T07-31-55.238.log
4346
----
4447

4548
. To parse the affected audit logs, enter the following command:
@@ -48,5 +51,6 @@ rhel-92.lab.local audit-2023-08-24T07-31-55.238.log
4851
----
4952
$ oc adm node-logs <node_name> --path=kube-apiserver/audit.log \
5053
| jq -r 'select((.annotations["pod-security.kubernetes.io/audit-violations"] != null) and (.objectRef.resource=="pods")) | .objectRef.namespace + " " + .objectRef.name + " " + .objectRef.resource' \
51-
| sort | uniq -c
52-
----
54+
| sort | uniq -c <1>
55+
----
56+
<1> Replace _<node_name>_ with the name of the node retrieved from the previous step.

0 commit comments

Comments
 (0)