Skip to main content
Version: 3.18 (latest)

Audit logs

Big picture

Calico Enterprise audit logs provide security teams and auditors historical data of all changes to resources over time.

Concepts

Resources used in audit logs

Calico Enterprise audit logs are enabled by default for the following resources:

  • Global networkpolicies
  • Network policies
  • Staged global networkpolicies
  • Staged networkpolicies
  • Staged Kubernetes network policies
  • Global network sets
  • Network sets
  • Tiers
  • Host endpoints

Audit logs in Manager UI

Calico Enterprise audit logs are displayed in the Timeline dashboard in Manager UI. You can filter logs, and export data in .json or .yaml formats.

audit-logs

Audit logs are also visible in the Kibana dashboard (indexed by, tigera_secure_ee_audit_ee), and are useful for looking at policy differences.

kibana-auditlogs

Finally, audit logs provide the core data for compliance reports.

compliance-reports

Required next step

Kubernetes resources are also used in compliance reports and other audit-related features, but they are not enabled by default. You must enable Kubernetes resources through the Kubernetes API server. If you miss this step, some compliance reports will not work, and audit trails will not provide a complete view to your security team.