
Logs

Logs are the responsive component of Accuknox. Logs are generated in real time based on the conditions/rules you configure in the security policies. You will get logs from four different components: Network, System, Anomaly Detection, and Data Protection.

Filter Logs

Filter from the drop-down options

Click any drop-down to list its attributes.

The drop-down options contain the following elements:

K8s-cluster/VM

To access all the logs from your Kubernetes clusters, select K8s-cluster from the first drop-down menu. Select VM to examine the logs for your virtual machines.

Components

Logs are generated by four different components: Network, System, Anomaly Detection, and Data Protection.

The logs are generated based on the conditions/rules you configured in the policies. Logs and policies are coupled: a log is created each time a policy is invoked.

To filter the log events generated by invoked network policies, set the component type to Network.

Similarly, you can filter log events from the system, anomaly detection, and data protection components.

Anomaly detection monitors workloads based on their historical behaviors, and a log is generated when they deviate from the expected pattern.

Cluster

The Cluster drop-down can be used to filter logs related to specific clusters.

Namespace

The Namespace drop-down can be used to filter logs related to specific namespaces.

Severity

Use the appropriate options to filter log events by Critical, High, Medium, Low, and Info level of severity, corresponding to the levels defined in the relevant runtime Policies.

Time Ranges

As in the rest of the platform interface, the time range can be set by date ranges and in increments from 5 minutes to 60 days.

Filter using elements from the log events list

Click one or more elements in a log event to add them directly to the filter.

Click the Save button to save the selected filter to Saved Filters.

Directly search elements in the filter

You can search directly by elements visible in the logs, such as “Cluster_name”, “Flow_IP_destination”, etc.

Use Search Filters

Search Filters are grouped into three categories:

  1. Predefined filters: A set of predefined filters makes the user's log filtering easier. We have incorporated frequent and important elements into these filters.

  2. Saved Filters: The saved filters will list all the filters that the user has saved.

  3. Unsaved: A set of filters loaded from your cache. It will be available shortly.

Channel Integrations

Log Detail Panel

Click one of the events in the log to view the details pane.

The Log Detail contents vary depending on the selected component type of the log event.
