networking/network_security/logging-network-security.adoc

:_mod-docs-content-type: ASSEMBLY
[id="logging-network-security"]
= Audit logging for network security
include::_attributes/common-attributes.adoc[]
:context: logging-network-security

toc::[]

The OVN-Kubernetes network plugin uses Open Virtual Network (OVN) access control lists (ACLs) to manage `AdminNetworkPolicy`, `BaselineAdminNetworkPolicy`, `NetworkPolicy`, and `EgressFirewall` objects. Audit logging exposes `allow` and `deny` ACL events for `NetworkPolicy`, `EgressFirewall` and `BaselineAdminNetworkPolicy` custom resources (CR). Logging also exposes `allow`, `deny`, and `pass` ACL events for `AdminNetworkPolicy` (ANP) CR.

[NOTE]
====
Audit logging is available for only the xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes network plugin].
====

include::modules/nw-audit-configuration.adoc[leveloffset=+1]

include::modules/nw-operator-cr.adoc[tag=policy-audit]

// Audit logging
include::modules/nw-networkpolicy-audit-concept.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../networking/network_security/network-policy-apis.adoc#network-policy-apis[Understanding network policy APIs]

include::modules/nw-anp-audit-logging-concept.adoc[leveloffset=+1]

include::modules/nw-banp-audit-logging-concept.adoc[leveloffset=+1]

include::modules/nw-networkpolicy-audit-configure.adoc[leveloffset=+1]

include::modules/nw-networkpolicy-audit-enable.adoc[leveloffset=+1]

include::modules/nw-networkpolicy-audit-disable.adoc[leveloffset=+1]

ifndef::openshift-rosa-hcp[]
[id="{context}-additional-resources"]
[role="_additional-resources"]
== Additional resources

ifdef::openshift-rosa,openshift-enterprise[]
* xref:../../networking/network_security/network_policy/about-network-policy.adoc#about-network-policy[About network policy]
endif::openshift-rosa,openshift-enterprise[]
ifndef::openshift-dedicated,openshift-rosa[]
* xref:../../networking/network_security/egress_firewall/configuring-egress-firewall-ovn.adoc#configuring-egress-firewall-ovn[Configuring an egress firewall for a project]
endif::openshift-dedicated,openshift-rosa[]
endif::openshift-rosa-hcp[]
[enterprise-4.14] changing content type attribute 2023-10-30 10:13:25 -04:00			`:_mod-docs-content-type: ASSEMBLY`
OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			`[id="logging-network-security"]`
			`= Audit logging for network security`
moving attribute files 2022-02-16 11:35:56 -05:00			`include::_attributes/common-attributes.adoc[]`
OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			`:context: logging-network-security`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00
			`toc::[]`

OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			The OVN-Kubernetes network plugin uses Open Virtual Network (OVN) access control lists (ACLs) to manage `AdminNetworkPolicy`, `BaselineAdminNetworkPolicy`, `NetworkPolicy`, and `EgressFirewall` objects. Audit logging exposes `allow` and `deny` ACL events for `NetworkPolicy`, `EgressFirewall` and `BaselineAdminNetworkPolicy` custom resources (CR). Logging also exposes `allow`, `deny`, and `pass` ACL events for `AdminNetworkPolicy` (ANP) CR.
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00
			`[NOTE]`
			`====`
OSDOCS-4815: Updating 'plug-in' to 'plugin' 2023-01-16 16:03:42 -05:00			`Audit logging is available for only the xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes network plugin].`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`====`

OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			`include::modules/nw-audit-configuration.adoc[leveloffset=+1]`

			`include::modules/nw-operator-cr.adoc[tag=policy-audit]`

OSDOCS-10371: Expand info in Netowkring Audit Logging section 2024-06-28 12:31:44 +01:00			`// Audit logging`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`include::modules/nw-networkpolicy-audit-concept.adoc[leveloffset=+1]`

OSDOCS-10371: Expand info in Netowkring Audit Logging section 2024-06-28 12:31:44 +01:00			`[role="_additional-resources"]`
			`.Additional resources`

			`* xref:../../networking/network_security/network-policy-apis.adoc#network-policy-apis[Understanding network policy APIs]`

OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			`include::modules/nw-anp-audit-logging-concept.adoc[leveloffset=+1]`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00
OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00			`include::modules/nw-banp-audit-logging-concept.adoc[leveloffset=+1]`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00
			`include::modules/nw-networkpolicy-audit-configure.adoc[leveloffset=+1]`
OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`include::modules/nw-networkpolicy-audit-enable.adoc[leveloffset=+1]`
OSDOCS-10396:ANP audit logging in-flight restructure of (B)ANP loggin fixing xrefs and removing the assembly file for (B)ANP adds example outputs 2024-04-29 15:32:01 -04:00
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`include::modules/nw-networkpolicy-audit-disable.adoc[leveloffset=+1]`

OSDOCS-11830 Split Networking content for ROSA with HCP 2025-02-10 22:19:45 +10:00			`ifndef::openshift-rosa-hcp[]`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`[id="{context}-additional-resources"]`
adding additional resources tags 2022-02-17 13:08:23 -05:00			`[role="_additional-resources"]`
Add network policy audit logging - https://issues.redhat.com/browse/OSDOCS-1967 2021-06-11 19:42:24 -04:00			`== Additional resources`

resolving additional resources link for rosa as different for HCP resolving additional resources link for rosa as different for OCP 2025-03-19 17:09:12 +00:00			`ifdef::openshift-rosa,openshift-enterprise[]`
topics-map-fix: renames nwt security 2024-06-10 08:12:43 -04:00			`* xref:../../networking/network_security/network_policy/about-network-policy.adoc#about-network-policy[About network policy]`
resolving additional resources link for rosa as different for HCP resolving additional resources link for rosa as different for OCP 2025-03-19 17:09:12 +00:00			`endif::openshift-rosa,openshift-enterprise[]`
OSDOCS-14508: Prune networking 2025-09-16 12:14:29 -05:00			`ifndef::openshift-dedicated,openshift-rosa[]`
Moving egress firewall; Renaming network security 2024-06-18 10:35:56 -04:00			`* xref:../../networking/network_security/egress_firewall/configuring-egress-firewall-ovn.adoc#configuring-egress-firewall-ovn[Configuring an egress firewall for a project]`
OSDOCS-14508: Prune networking 2025-09-16 12:14:29 -05:00			`endif::openshift-dedicated,openshift-rosa[]`
			`endif::openshift-rosa-hcp[]`
OSDOCS-11830 Split Networking content for ROSA with HCP 2025-02-10 22:19:45 +10:00