Skip to main content
Calico Enterprise 3.19 (latest) documentation

Filter DNS logs

Calico Enterprise supports filtering out DNS logs based on user provided configuration. Use filtering to suppress logs of low significance.

Configure DNS filtering

DNS log filtering is configured through a ConfigMap in the tigera-operator namespace.

To enable DNS log filtering, follow these steps:

  1. Create a filters directory with a file named dns with the contents of your desired filter using Filter configuration files. If you are also adding flow filters also add the flow file to the directory.
  2. Create the fluentd-filters ConfigMap in the tigera-operator namespace with the following command.
    kubectl create configmap fluentd-filters -n tigera-operator --from-file=filters

Filter configuration files

The filters defined by the ConfigMap are inserted into the fluentd configuration file. The upstream fluentd documentation describes how to write fluentd filters. The DNS log schema can be referred to for the specification of the various fields you can filter based on. Remember to ensure that the config file is properly indented in the ConfigMap.

Example 1: filter out cluster-internal lookups

This example filters out lookups for domain names ending with ".cluster.local". More logs could be filtered by adjusting the regular expression "pattern", or by adding additional exclude blocks.

<filter dns>
@type grep
<exclude>
key qname
pattern /\.cluster\.local$/
</exclude>
</filter>

Example 2: keep logs only for particular domain names

This example will filter out all logs except those for domain names ending .co.uk.

<filter dns>
@type grep
<regexp>
key qname
pattern /\.co\.uk$/
</regexp>
</filter>