CloudNatix logo

User Guide

Audit Log Guide


Audit logs are collected from different sources including k8s clusters and other servers in the Global Controller. For the activities that are collected from k8s clusters, only the activities that are conducted via CloudNatix's session-manager and that modify the cluster status (e.g POST/PUT/PATCH) are collected. In other words, read-only activities are ignored.

Audit logs can be helpful for security, compliance, and troubleshooting.


Each audit log has several attributes, including who executed the activity, when and where the activity was executed, the type of activity, and the associated k8s workloads of the activity if applicable.

ActionStringThe action type of the activity. For HTTP requests, it is method type, e.g. POST, PUT, DELETE, etc.
Client IP AddressStringThe IP address of the subject
Data SourceStringThe cluster name of the that activity was executed
Event Type NameStringThe event type is named based on the action of the activity, such as create, delete, scale, portforward, etc.
Event Type ResultBoolWhether the activity was executed successfully or failed
Response CodeInt32The response code from HTTP response
SourceEnumerationThe agent that recorded the activity
SubjectStringWho executed the activity, i.e. user ID.
TargetStringThe namespace and resource name of the k8s target
Target TypeEnumerationThe target type can be "Kubernetes Resource", "User", "Cluster", etc.
TimestampTimestampWhen the activity was executed
UUIDStringThe unique identifier of the activity

Depending on the type of activities, there are some additional attributes. For example, additional attributes for the activities of Kubernetes Resources are:

Cluster NameStringThe cluster name where the activity is executed
Cluster UUIDStringThe cluster UUID where the activity is executed
HostStringThe domain name of the HTTP request
URLStringThe URL of the HTTP request
OperationStringThe type of operation for applicable k8s activities, e.g. exec, scale, portforwarding.
K8S Resource KindStringThe Kind of k8s resources, e.g. Pod, Deployment
K8S Resource UIDStringThe UID of the k8s resource
K8S Resource NameStringThe name of the k8s resource
Top-level workload nameStringThe name of the associated top-level workload
Top-level workload UIDStringThe UID of the associated top-level workload
Org UUIDStringThe UUID of the org who owns the k8s resource or the cluster
Org NameStringThe name of the org who owns the k8s resource or the cluster
NamespaceStringThe namespace the k8s resource belongs to
API GroupStringThe API group of the HTTP request
API VersionStringThe API version of the HTTP request


  • Search

The audit logs can be searched by certain attributes, including Subject, Action, Client IP, Data Source, Event Type, Org UUID, Response Code, Source, Target, Target Type, and Timestamp.

  • Sort

The audit logs can be sorted by certain attributes, including Subject, Timestamp, Data Source, and Target, and in either ascending or descending order.

Administration Guide
VM Optimization - Scheduling Periodic Start and Stop