Merge pull request #81054 from apurvanisal5/patch-1

bscott-rh · web-flow · commit b3bf7b24801f · 2024-09-05T15:24:11.000-04:00
Update logging-audit-log-filtering.adoc
diff --git a/modules/logging-audit-log-filtering.adoc b/modules/logging-audit-log-filtering.adoc
@@ -12,6 +12,12 @@ OpenShift API servers generate audit events for each API call, detailing the req
 * `Request`: Audit metadata and the request body are included, the response body is removed.
 * `RequestResponse`: All data is included: metadata, request body and response body. The response body can be very large. For example, `oc get pods -A` generates a response body containing the YAML description of every pod in the cluster.
 
+
+[NOTE]
+====
+You can use this feature only if the Vector collector is set up in your logging deployment.
+====
+
 In logging 5.8 and later, the `ClusterLogForwarder` custom resource (CR) uses the same format as the standard link:https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/#audit-policy[Kubernetes audit policy], while providing the following additional functions:
 
 Wildcards:: Names of users, groups, namespaces, and resources can have a leading or trailing `\*` asterisk character. For example, namespace `openshift-\*` matches `openshift-apiserver` or `openshift-authentication`. Resource `\*/status` matches `Pod/status` or `Deployment/status`.
