This message was deleted.
# generala
adamant-kite-43734
10/14/2022, 1:02 PMThis message was deleted.
d
damp-painting-69352
10/14/2022, 1:04 PMThis is all configured in the Rancher install helm chart, and the Audit Log location, it is best to use the default location for the logs, as they are acutally mounted to the container. any change to the location would also require new mounts to be added and passed to the container
l
loud-daybreak-83328
10/14/2022, 1:06 PMyes, I have that all set, and the logs are being created in the path that I specified. It's just a specific action that I'm not seeing reflected in that log.
d
damp-painting-69352
10/14/2022, 1:07 PMwhat is the audit log level
l
loud-daybreak-83328
10/14/2022, 1:08 PMI have that set to 3
d
damp-painting-69352
10/14/2022, 1:08 PMtry lowering it to 2
l
loud-daybreak-83328
10/14/2022, 1:13 PMisn't that less information?
d
damp-painting-69352
10/14/2022, 1:14 PMI see you are correct
damp-painting-69352
10/14/2022, 4:41 PMWhat are you missing from the logs? specific types of audit? The user name of the logged in user is hashed and can be found in rancher to decode what user is doing what
l
loud-daybreak-83328
10/14/2022, 4:55 PMI added a user to a project as a cluster member (through the gui), and nothing was logged for that event. Similarly I removed that user and didn't see any record for it. I searched for both the username and the internal Rancher (u-) user ids in the audit log and nothing was returned
d
damp-painting-69352
10/14/2022, 5:24 PMDid you look for rb- being deleted
damp-painting-69352
10/14/2022, 5:25 PMthat would be the role binding for the project
damp-painting-69352
10/14/2022, 5:25 PMor crb-
l
loud-daybreak-83328
10/14/2022, 5:35 PMI'll take a look at that