Every action or configuration update through Backyards (now Cisco Service Mesh Manager) is audited for accountability and to get insights from tracking changes.

Primarily Backyards GraphQL API mutation events are recorded with information about the user and the specific query.

Secondarily Kubernetes API server calls are recorded as well, similarly to how the API Server itself would record these events in its audit logs. This is implemented to allow users to see the filtered Kubernetes event log made by Backyards exclusively until the dynamic audit webhook backend feature will reach General Availability. Once that feature is available, users can configure a dynamic audit webhook separately for an even more accurate audit log.

Default setup 🔗︎

By default all audit events are logged to the console output of the Backyards deployment’s main container.

Use one of the features that modify state in the CLI (or over the UI) while tailing the Backyards logs to see what kind of events are logged

kubectl logs deploy/backyards -n backyards-system -c backyards -f

Audit sink 🔗︎

As an alternative Backyards supports a configurable HTTP audit sink as well which is already compatible with the dynamic audit webhook backend of Kubernetes. This audit sink is a simple fluentd deployment configured to listen to the two different types of audit events separately.

We’re suggesting to use a tool like our own logging operator to collect and forward these logs to your selected output for analysis.

Try it out 🔗︎

  1. Enable the audit sink using the install command with the CLI

    backyards install --enable-auditsink
    
  2. Use any of the features in the CLI or over the UI while tailing the logs sent to the configured audit sink deployment

    kubectl logs deploy/backyards-auditsink -n backyards-system -c fluentd -f