
Ensure that OpenShift Logging Operator is scanning the cluster

An XCCDF Rule

Description

The OpenShift Logging Operator provides the ability to aggregate all the logs from the OpenShift Container Platform cluster, such as node system audit logs, application container logs, and infrastructure logs. OpenShift Logging aggregates these logs from throughout the OpenShift cluster and stores them in a default log store. [1]

[1] https://docs.openshift.com/container-platform/4.10/logging/cluster-logging.html

Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API to retrieve the /apis/logging.openshift.io/v1/namespaces/openshift-logging/clusterloggings/instance API endpoint and save it to the local /apis/logging.openshift.io/v1/namespaces/openshift-logging/clusterloggings/instance file.
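One way to produce that file, as an added example that is not part of the rule's own content. It assumes a logged-in oc client and that the local path is taken relative to a dump directory; the dump_endpoint function, the OC override variable and the directory argument are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: save the ClusterLogging API response under a local dump
# directory, at a relative path that mirrors the API path.
# Assumptions: `oc` is logged in to the cluster; OC (client override) and
# the dump-directory argument are hypothetical conveniences of this sketch.

ENDPOINT=/apis/logging.openshift.io/v1/namespaces/openshift-logging/clusterloggings/instance

# dump_endpoint DUMP_ROOT [ENDPOINT]
# Writes the raw API response to "$DUMP_ROOT$ENDPOINT". On failure it returns
# non-zero and removes any older copy, so a stale dump cannot stand in for a
# resource that no longer exists.
dump_endpoint() {
    local root="$1"
    local endpoint="${2:-$ENDPOINT}"
    local target="${root%/}${endpoint}"
    local tmp

    mkdir -p "$(dirname "$target")" || return 1
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    # `oc get --raw` sends a GET for the given API path and prints the body.
    if "${OC:-oc}" get --raw "$endpoint" >"$tmp" && [ -s "$tmp" ]; then
        # Move into place only after a complete, non-empty response.
        mv "$tmp" "$target"
        printf 'saved %s\n' "$target"
    else
        rm -f "$tmp" "$target"
        printf 'could not fetch %s; nothing written\n' "$endpoint" >&2
        return 1
    fi
}

# Run only when a dump directory is given on the command line.
if [ "$#" -ge 1 ]; then
    dump_endpoint "$1"
fi
```

A non-zero exit here means the API did not return the ClusterLogging instance, which is worth investigating before running the scan against the dump.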

Rationale

OpenShift Logging Operator is able to collect, aggregate, and manage logs.

ID
xccdf_org.ssgproject.content_rule_cluster_logging_operator_exist
Severity
Medium
References
Updated