Logs
Logs are the responsive component of AccuKnox. They are generated in real time whenever a condition or rule you have configured in a security policy is triggered. Logs come from four components: Network, System, Anomaly Detection, and Data Protection.
Filter Logs
Filter from the drop-down options
Click any drop-down to list its attributes.
The drop-down options are the following:
K8s-cluster/VM
To access all the logs from your Kubernetes clusters, select K8s-cluster from the first drop-down menu. Select VM to examine the logs for your virtual machines.
Components
Logs are generated by four different components: Network, System, Anomaly Detection, and Data Protection.
Logs are generated when the conditions or rules you configured in a policy are met; a log event is created each time a policy is triggered, so logs and policies are tightly coupled.
To see only the events raised by network policies, set the component type to Network.
Similarly, you can filter log events from the System, Anomaly Detection, and Data Protection components.
Anomaly Detection monitors workloads against their historical behaviour and generates a log when a workload deviates from its expected pattern.
Cluster
Use the Cluster drop-down to filter logs for specific clusters.
Namespace
Use the Namespace drop-down to filter logs for specific namespaces.
Severity
Use the severity options to filter log events by level: Critical, High, Medium, Low, or Info. These levels correspond to the severities defined in the relevant runtime policies.
Time Ranges
As elsewhere in the platform interface, the time range can be set as a date range or as a relative window, in increments from 5 minutes to 60 days.
Filter using elements from the log events list
Click one or more elements in a log event to add them directly to the filter.
Click the Save button to save the selected filter to Saved Filters.
Directly search elements in the filter
You can also search directly on any field visible in the logs, such as Cluster_name or Flow_IP_destination.
Use Search Filters
Search Filters are grouped into three categories:
- Predefined filters: a set of ready-made filters built from frequently used and important fields, so common queries need no setup.
- Saved Filters: lists every filter the user has saved.
- Unsaved: a set of filters loaded from your cache. This category will be available shortly.
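The filters described above (K8s-cluster/VM, Component, Cluster, Namespace, Severity, time range, direct field search, click-to-add from a listed event, and Saved Filters) applied to a handful of constructed log events, as an added Python example. This is not AccuKnox code and does not use the AccuKnox API or log format: only the field names Cluster_name and Flow_IP_destination come from the page; every other event field, every value, and every function name here is assumed for the example.

```python
"""Added example (not AccuKnox code): the Logs page's filters, expressed as a
function over a list of log events so that the filtering rules are explicit."""
from datetime import datetime, timedelta, timezone

SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")          # levels offered by the UI
COMPONENTS = ("Network", "System", "Anomaly Detection", "Data Protection")
MIN_WINDOW, MAX_WINDOW = timedelta(minutes=5), timedelta(days=60)  # time-range limits from the page

# Fixed "now" so the time-range filter is deterministic when run offline.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample events. Cluster_name and Flow_IP_destination are field names
# shown on the page; every other key and all values are assumed for this example.
SAMPLE_EVENTS = [
    {"Timestamp": NOW - timedelta(minutes=2), "Source": "K8s-cluster", "Component": "Network",
     "Cluster_name": "prod-eks", "Namespace": "payments", "Severity": "High",
     "Flow_IP_destination": "10.0.5.12", "Policy": "deny-egress-to-db"},
    {"Timestamp": NOW - timedelta(minutes=20), "Source": "K8s-cluster", "Component": "System",
     "Cluster_name": "prod-eks", "Namespace": "payments", "Severity": "Critical",
     "Process": "/bin/sh", "Policy": "block-shell-in-container"},
    {"Timestamp": NOW - timedelta(hours=3), "Source": "K8s-cluster", "Component": "Anomaly Detection",
     "Cluster_name": "staging-gke", "Namespace": "web", "Severity": "Medium",
     "Policy": "baseline-deviation"},
    {"Timestamp": NOW - timedelta(days=2), "Source": "VM", "Component": "Data Protection",
     "Cluster_name": "vm-fleet-eu", "Namespace": "-", "Severity": "Low",
     "Policy": "sensitive-file-access"},
]


def parse_search(query):
    """Parse 'Cluster_name=prod-eks Flow_IP_destination=10.0.5.12' into a dict.
    Malformed terms are rejected instead of being silently dropped."""
    terms = {}
    for token in query.split():
        key, sep, value = token.partition("=")
        if not (sep and key and value):
            raise ValueError(f"search term must be field=value, got {token!r}")
        terms[key] = value
    return terms


def filter_events(events, source=None, component=None, cluster=None, namespace=None,
                  severities=None, window=None, search=None, now=NOW):
    """Apply the page's filters with AND semantics; return matches most severe first, then newest."""
    if component and component not in COMPONENTS:
        raise ValueError(f"unknown component {component!r}")
    if severities and not set(severities) <= set(SEVERITIES):
        raise ValueError(f"unknown severity in {severities!r}")
    if window and not MIN_WINDOW <= window <= MAX_WINDOW:
        raise ValueError("time range must be between 5 minutes and 60 days")
    terms = parse_search(search) if search else {}
    # A typo in a field name would otherwise match nothing and look like "no events".
    known_fields = set().union(*(e.keys() for e in events))
    unknown = set(terms) - known_fields
    if unknown:
        raise ValueError(f"no event has field(s) {sorted(unknown)}")

    def keep(e):
        if source and e["Source"] != source: return False
        if component and e["Component"] != component: return False
        if cluster and e["Cluster_name"] != cluster: return False
        if namespace and e["Namespace"] != namespace: return False
        if severities and e["Severity"] not in severities: return False
        if window and e["Timestamp"] < now - window: return False
        # Fields absent from an event (e.g. Flow_IP_destination on a System event) never match.
        return all(e.get(k) == v for k, v in terms.items())

    return sorted((e for e in events if keep(e)),
                  key=lambda e: (SEVERITIES.index(e["Severity"]), -e["Timestamp"].timestamp()))


# Saved Filters: a named set of criteria that can be re-run later.
SAVED_FILTERS = {}

def save_filter(name, **criteria):
    SAVED_FILTERS[name] = dict(criteria)

def run_saved_filter(name, events):
    return filter_events(events, **SAVED_FILTERS[name])


def add_from_event(criteria, event, field):
    """Mimic clicking a field in a listed event to add it to the current filter:
    drop-down fields tighten the matching drop-down, anything else becomes a search term."""
    dropdown = {"Source": "source", "Component": "component",
                "Cluster_name": "cluster", "Namespace": "namespace"}
    if field in dropdown:
        criteria[dropdown[field]] = event[field]
    elif field == "Severity":
        criteria["severities"] = {event[field]}
    else:
        criteria["search"] = f"{criteria.get('search', '')} {field}={event[field]}".strip()
    return criteria


if __name__ == "__main__":
    crit = add_from_event({}, SAMPLE_EVENTS[0], "Flow_IP_destination")
    save_filter("db-egress-denials", **crit)
    for e in run_saved_filter("db-egress-denials", SAMPLE_EVENTS):
        print(e["Severity"], e["Component"], e["Cluster_name"], e["Policy"])
```

The two checks worth keeping when you build tooling over exported log events are the ones the UI does for you: reject a search term whose field name exists in no event (otherwise a typo reads as "no incidents"), and treat a field that is simply absent from an event, such as Flow_IP_destination on a System event, as a non-match rather than an error.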
Channel Integrations
Log Detail Panel
Click an event in the log list to open the details pane.
The Log Detail contents vary depending on the component type of the selected log event.