openshift-docs/security/audit-log-view.adoc

:_mod-docs-content-type: ASSEMBLY
include::_attributes/common-attributes.adoc[]
ifndef::openshift-rosa,openshift-dedicated[]
[id="audit-log-view"]
= Viewing audit logs
endif::openshift-rosa,openshift-dedicated[]

ifdef::openshift-rosa,openshift-dedicated[]
include::_attributes/attributes-openshift-dedicated.adoc[]
[id="audit-log-view"]
= Audit logs
endif::openshift-rosa,openshift-dedicated[]
:context: audit-log-view

toc::[]

{product-title} auditing provides a security-relevant chronological set of records documenting the sequence of activities that have affected the system by individual users, administrators, or other components of the system.

include::modules/nodes-nodes-audit-log-basic.adoc[leveloffset=+1]

ifndef::openshift-rosa,openshift-dedicated[]
// Viewing the audit log
include::modules/nodes-nodes-audit-log-basic-viewing.adoc[leveloffset=+1]

// Filtering audit logs
include::modules/security-audit-log-filtering.adoc[leveloffset=+1]
endif::openshift-rosa,openshift-dedicated[]
// Gathering audit logs
include::modules/gathering-data-audit-logs.adoc[leveloffset=+1]

ifndef::openshift-rosa,openshift-dedicated[]
[id="viewing-audit-logs-additional-resources"]
[role="_additional-resources"]
== Additional resources

* xref:../support/gathering-cluster-data.adoc#about-must-gather_gathering-cluster-data[Must-gather tool]
* link:https://github.com/kubernetes/apiserver/blob/master/pkg/apis/audit/v1/types.go#L72[API audit log event structure]
* xref:../security/audit-log-policy-config.adoc#audit-log-policy-config[Configuring the audit log policy]
* xref:../logging/log_collection_forwarding/log-forwarding.adoc#log-forwarding[About log forwarding]
endif::[]