diff --git a/content/zh/docs/toolbox/auditing/auditing-query.md b/content/zh/docs/toolbox/auditing/auditing-query.md index 8c98736cd..7813f4d65 100644 --- a/content/zh/docs/toolbox/auditing/auditing-query.md +++ b/content/zh/docs/toolbox/auditing/auditing-query.md @@ -1,67 +1,67 @@ --- -title: "Auditing Log Query" -keywords: "Kubernetes, KubeSphere, auditing, log, query" -description: "How to perform queries of auditing logs in KubeSphere." -linkTitle: "Auditing Log Query" +title: "审计日志查询" +keywords: "Kubernetes, KubeSphere, 审计, 日志, 查询" +description: "如何在 KubeSphere 中查询审计日志。" +linkTitle: "审计日志查询" weight: 15330 --- -KubeSphere supports the query of auditing logs among isolated tenants. This tutorial demonstrates how to use the query function, including the interface, search parameters and detail pages. +KubeSphere 支持租户隔离的审计日志查询。本教程演示了如何使用查询功能,包括界面、搜索参数和详情页面。 -## Prerequisites +## 准备工作 -You need to enable [KubeSphere Auditing Logs](../../../pluggable-components/auditing-logs/). +您需要启用 [KubeSphere 审计日志](../../../pluggable-components/auditing-logs/)。 -## Enter the Query Interface +## 进入查询界面 -1. The query function is available for all users. Log in the console with any account, hover over the **Toolbox** in the lower right corner and select **Auditing Operating**. +1. 所有用户都可以使用该查询功能。使用任意帐户登录控制台,在右下角的**工具箱**图标上悬停,然后在弹出菜单中选择**操作审计**。 {{< notice note >}} -Any account has the authorization to query auditing logs, while the logs each account is able to see are different. +任意帐户都有权限查询审计日志,但每个帐户能查看的日志有区别。 -- If an account has the authorization of viewing resources in a project, it can see the auditing log that happens in this project, such as workload creation in the project. -- If an account has the authorization of listing projects in a workspace, it can see the auditing log that happens in this workspace but not in projects, such as project creation in the workspace. -- If an account has the authorization of listing projects in a cluster, it can see the auditing log that happens in this cluster but not in workspaces and projects, such as workspace creation in the cluster. +- 如果一个帐户有权限查看项目中的资源,该帐户便可以查看此项目中发生的审计日志,例如在项目中创建工作负载。 +- 如果一个帐户有权限在企业空间中列出项目,该帐户便可以查看此企业空间(而非项目)中发生的审计日志,例如在企业空间中创建项目。 +- 如果一个帐户有权限在集群中列出项目,该帐户便可以查看此集群(而非企业空间和项目)中发生的审计日志,例如在集群中创建企业空间。 {{}} - ![auditing-operating-ui](/images/docs/toolbox/auditing-operating-ui.jpg) + ![进入操作审计](/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating-ui.PNG) -2. As shown in the pop-up window, you can see trends in the total number of auditing logs in the last 12 hours. +2. 在弹出窗口中,您可以查看最近 12 小时内审计日志总数的趋势。 - ![Auditing Operating](/images/docs/toolbox/auditing-operating.png) + ![操作审计](/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating.PNG) -3. The **Auditing Operating** console supports the following query parameters: +3. **操作审计**控制台支持以下查询参数: - ![Auditing Log Filter](/images/docs/toolbox/auditing-log-filter.png) + ![审计日志过滤器](/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-log-filter.PNG) - Parameter | Description + 参数 | 描述信息 --- | --- - Cluster | The cluster where the operation happens. It is enabled if the [multi-cluster feature](../../../multicluster-management/) is turned on. - Project | The project where the operation happens. It supports exact query and fuzzy query. - Workspace | The workspace where the operation happens. It supports exact query and fuzzy query. - Resource Type | The type of resource associated with the request. It supports fuzzy query. - Resource Name | The name of the resource associated with the request. It supports fuzzy query. - Verb | The Kubernetes verb associated with the request. For non-resource requests, this is the lower-case HTTP method. It supports exact query. - Status Code | The Http response code. It supports exact query. - Operation Account | The user who calls this request. It supports exact and fuzzy query. - Source IP | The IP address from where the request originated and intermediate proxies. It supports fuzzy query. - Time Range | The time when the request reaches the apiserver. + 集群 | 发生操作的集群。如果开启了[多集群功能](../../../multicluster-management/),则会启用该参数。 + 项目 | 发生操作的项目。支持精确匹配和模糊匹配。 + 企业空间 | 发生操作的企业空间。支持精确匹配和模糊匹配。 + 资源类型 | 与请求相关联的资源类型。支持模糊匹配。 + 资源名称 | 与请求相关联的资源名称。支持模糊匹配。 + 操作行为 | 与请求相关联的 Kubernetes 操作行为。对于非资源请求,该参数为小写 HTTP 方式。支持精确匹配。 + 状态码 | HTTP 响应码。支持精确匹配。 + 操作帐户 | 调用该请求的用户。支持精确匹配和模糊匹配。 + 来源 IP | 该请求源自的 IP 地址和中间代理。支持模糊匹配。 + 时间范围 | 该请求到达 Apiserver 的时间。 {{< notice note >}} -- Fuzzy query supports case-insensitive fuzzy matching and retrieval of full terms by the first half of a word or phrase based on Elasticsearch segmentation rules. -- KubeSphere stores logs for the last seven days by default. You can modify the retention period in the ConfigMap `elasticsearch-logging-curator`. +- 模糊匹配不区分大小写,并且根据 ElasticSearch 分段规则,通过单词或词组的前半部分来检索完整术语。 +- KubeSphere 默认存储最近七天的日志。您可以在 `elasticsearch-logging-curator` ConfigMap 中修改保留期限。 {{}} -## Enter Query Parameters +## 输入查询参数 -1. Select a filter and input the keyword you want to search. For example, query auditing logs containing the information of `user` changed as shown in the following screenshot: +1. 选择一个过滤器,输入您想搜索的关键字。例如,查询包含 `user` 变更信息的审计日志,如下方截图所示: - ![User Changed](/images/docs/toolbox/user-changed.png) + ![用户变更](/images/docs/zh-cn/toolbox/auditing/auditing-log-query/user-changed.PNG) -2. Click any one of the results from the list, and you can see the detail of the auditing log. +2. 点击列表中的任一结果,您便可以查看审计日志的详细信息。 - ![Auditing Log Detail](/images/docs/toolbox/auditing-log-detail.png) \ No newline at end of file + ![Auditing Log Detail](/images/docs/zh-cn/toolbox/auditing/auditing-log-query/audit-log-detail.PNG) diff --git a/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/audit-log-detail.PNG b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/audit-log-detail.PNG new file mode 100644 index 000000000..2439813da Binary files /dev/null and b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/audit-log-detail.PNG differ diff --git a/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-log-filter.PNG b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-log-filter.PNG new file mode 100644 index 000000000..035167608 Binary files /dev/null and b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-log-filter.PNG differ diff --git a/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating-ui.PNG b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating-ui.PNG new file mode 100644 index 000000000..c1a547fe5 Binary files /dev/null and b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating-ui.PNG differ diff --git a/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating.PNG b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating.PNG new file mode 100644 index 000000000..b2bdb33ad Binary files /dev/null and b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/auditing-operating.PNG differ diff --git a/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/user-changed.PNG b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/user-changed.PNG new file mode 100644 index 000000000..c98bcc356 Binary files /dev/null and b/static/images/docs/zh-cn/toolbox/auditing/auditing-log-query/user-changed.PNG differ