Get Source IP in Audit Logs
The source IP recorded in audit logs plays a critical role in system and network management: it lets you trace who performed an action, investigate security incidents, troubleshoot problems, and demonstrate compliance. Capturing the source IP does, however, carry some performance overhead, so it is not always enabled by default in DCE 5.0. Whether it is enabled by default, and how to enable it, depends on the installation mode. The following sections describe the default state and the steps to enable it for each mode.
Note
Enabling source IP in audit logs changes the replica count of the istio-ingressgateway, which carries a certain performance overhead. It also requires disabling kube-proxy LoadBalance and Topology Aware Routing, which can affect cluster performance. After enabling it, make sure the istio-ingressgateway pod runs on the node that owns the access IP. If the pod drifts to another node because of node health or other issues, it must be manually rescheduled back to that node; otherwise DCE 5.0 will not operate normally.
Determine the Installation Mode
Run the above command in the cluster. If the result is as follows, it means that the cluster is not in the MetalLB installation mode:
NodePort Installation Mode
In this mode, the source IP in audit logs is disabled by default. To enable it:
- Set the minimum replica count of the istio-ingressgateway HPA equal to the number of control plane nodes, so that every control plane node runs a gateway pod.
- Set both the externalTrafficPolicy and internalTrafficPolicy values of the istio-ingressgateway Service to "Local", so that kube-proxy delivers traffic only to a gateway pod on the node that received it and the client IP is preserved instead of being SNATed.
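The two steps above, carried out with kubectl, as an added example (this script is not part of the DCE 5.0 documentation or product). It assumes the HPA and Service are both named `istio-ingressgateway` in the `istio-system` namespace, that gateway pods carry the label `app=istio-ingressgateway`, and that control plane nodes carry the `node-role.kubernetes.io/control-plane` label; all of these are assumptions to verify on your cluster (the `NS`, `NAME` and `CP_LABEL` variables can be overridden). It also handles one edge the steps leave implicit: a merge patch that sets `minReplicas` above the HPA's current `maxReplicas` is rejected by the API server, so `maxReplicas` is raised alongside it when needed.

```shell
#!/usr/bin/env bash
# Added example (not from the DCE 5.0 docs): enable source IP capture for a
# NodePort installation by pinning one istio-ingressgateway replica per
# control-plane node and switching the Service to Local traffic policies.
#
# Assumptions (verify before use): the HPA and Service are both named
# istio-ingressgateway in istio-system, gateway pods are labelled
# app=istio-ingressgateway, and control-plane nodes carry the
# node-role.kubernetes.io/control-plane label. Run with --apply to make
# changes; without it nothing is touched.
set -euo pipefail

NS="${NS:-istio-system}"
NAME="${NAME:-istio-ingressgateway}"
CP_LABEL="${CP_LABEL:-node-role.kubernetes.io/control-plane}"

# Count non-empty lines, e.g. from `kubectl get nodes -l ... --no-headers`.
count_lines() {
  local n=0 line
  while IFS= read -r line; do
    [ -n "$line" ] && n=$((n + 1))
  done
  printf '%s' "$n"
}

# Build the HPA merge patch. minReplicas must not exceed maxReplicas or the
# API server rejects the patch, so raise maxReplicas alongside it when needed.
hpa_patch() {
  local min="$1" cur_max="${2:-0}"
  if [ "$cur_max" -lt "$min" ]; then
    printf '{"spec":{"minReplicas":%d,"maxReplicas":%d}}' "$min" "$min"
  else
    printf '{"spec":{"minReplicas":%d}}' "$min"
  fi
}

# Local policies make kube-proxy deliver traffic only to gateway pods on the
# node that received it, preserving the client IP instead of SNATing it.
svc_patch() {
  printf '{"spec":{"externalTrafficPolicy":"Local","internalTrafficPolicy":"Local"}}'
}

apply() {
  local n cur_max
  n=$(kubectl get nodes -l "$CP_LABEL" --no-headers | count_lines)
  if [ "$n" -eq 0 ]; then
    echo "no nodes matched label $CP_LABEL; set CP_LABEL and retry" >&2
    exit 1
  fi
  cur_max=$(kubectl -n "$NS" get hpa "$NAME" -o jsonpath='{.spec.maxReplicas}')
  kubectl -n "$NS" patch hpa "$NAME" --type merge -p "$(hpa_patch "$n" "$cur_max")"
  kubectl -n "$NS" patch svc "$NAME" --type merge -p "$(svc_patch)"

  # Check: every control-plane node should now host a gateway pod. Under a
  # Local policy, NodePort traffic reaching a node without one is dropped.
  kubectl -n "$NS" get pods -l app=istio-ingressgateway -o wide
  kubectl -n "$NS" get svc "$NAME" \
    -o jsonpath='{.spec.externalTrafficPolicy}/{.spec.internalTrafficPolicy}{"\n"}'
}

if [ "${1:-}" = "--apply" ]; then
  apply
fi
```

The final `get pods -o wide` is the check worth keeping around: if a gateway pod later drifts off a control plane node, that node's NodePort silently stops accepting traffic because of the Local policy, which is exactly the situation the Note above warns about.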
MetalLB Installation Mode
In this mode, the source IP in audit logs is captured by default after installation. For more information, refer to MetalLB Source IP.