Audit logs are core components of security and observability in Kubernetes. This post explains how to ingest and store Kubernetes audit logs in Parseable. Additionally, we'll see how to set up alerts on these logs to get notified when a specific event occurs. In this example, we'll set up an alert to get notified when a user (service account) accesses a secret.
pb is a command-line tool designed to fit a developer's toolkit and help debug issues faster. You can point pb to a Parseable instance, then query and analyze logs directly from the comfort of the command line. The focus is to meet users where they are, and not force them to switch contexts into different dashboards. pb is written in Go and available as a single static binary for all the major platforms.
Logging agents collect, transform, and send log event data to a centralized location for analysis. This blog will focus on the Vector logging agent for log ingestion in the Parseable log analytics engine.
Parseable is a free and open source, purpose-built log observability system. We use advancements in big data and analytics to bring the best of efficiency, simplicity, and performance to log data. Learn why and how we're building Parseable.