N/A
Source: Kube Bench
ID: 2.1
Version: aks-1.0

2.1 Logging

2.1.1 Enable audit Logs

Azure audit logs are enabled and managed in the Azure portal. To enable log collection for the Kubernetes master components in your AKS cluster, open the Azure portal in a web browser and complete the following steps:

  1. Select the resource group for your AKS cluster, such as myResourceGroup. Don’t select the resource group that contains your individual AKS cluster resources, such as MC_myResourceGroup_myAKSCluster_eastus.
  2. On the left-hand side, choose Diagnostic settings.
  3. Select your AKS cluster, such as myAKSCluster, then choose to Add diagnostic setting.
  4. Enter a name, such as myAKSClusterLogs, then select the option to Send to Log Analytics.
  5. Select an existing workspace or create a new one. If you create a workspace, provide a workspace name, a resource group, and a location.
  6. In the list of available logs, select the logs you wish to enable. For this example, enable the kube-audit and kube-audit-admin logs. Common logs include the kube-apiserver, kube-controller-manager, and kube-scheduler. You can return and change the collected logs once Log Analytics workspaces are enabled.
  7. When ready, select Save to enable collection of the selected logs.
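To confirm the result of the steps above, the check below is an added example (not part of the Kube Bench benchmark text) that reads the cluster's diagnostic settings as JSON and reports which of the audit categories are not being sent to a Log Analytics workspace. It assumes the JSON is an export such as the output of `az monitor diagnostic-settings list`, with the fields `name`, `workspaceId` and `logs[].category` / `logs[].enabled`; the sample data and resource IDs are constructed placeholders.

```python
import json

# Categories enabled in the example steps above.
REQUIRED = ("kube-audit", "kube-audit-admin")

def enabled_audit_categories(raw):
    """Map each enabled log category to the settings that send it to Log Analytics."""
    doc = json.loads(raw)
    # Assumption: the export is a bare list of settings or an object wrapping them in "value".
    settings = doc.get("value", []) if isinstance(doc, dict) else doc
    found = {}
    for setting in settings:
        if not setting.get("workspaceId"):
            continue  # no Log Analytics destination (e.g. storage account only)
        for log in setting.get("logs") or []:
            if log.get("enabled") and log.get("category"):
                found.setdefault(log["category"], []).append(setting.get("name"))
    return found

def missing_categories(raw, required=REQUIRED):
    """Return the required categories that no workspace-backed setting collects."""
    found = enabled_audit_categories(raw)
    return [c for c in required if c not in found]

# Constructed sample: one setting with kube-audit-admin left disabled, and a
# second setting that enables it but only archives to a storage account.
SAMPLE = json.dumps([
    {"name": "myAKSClusterLogs",
     "workspaceId": "<workspace-resource-id>",
     "logs": [{"category": "kube-audit", "enabled": True},
              {"category": "kube-audit-admin", "enabled": False},
              {"category": "kube-apiserver", "enabled": True}]},
    {"name": "archive-only",
     "storageAccountId": "<storage-account-resource-id>",
     "logs": [{"category": "kube-audit-admin", "enabled": True}]},
])

if __name__ == "__main__":
    gaps = missing_categories(SAMPLE)
    print("PASS" if not gaps else "FAIL, not collected: " + ", ".join(gaps))
```

A category counts as collected only when it is enabled in a setting that has a workspace destination, which matches the "Send to Log Analytics" choice in step 4.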