Comments (4)
Hi @nyrahul, I was going through the existing code and it seems that some commands like `log` exist as a command with root cmd being `karmor`, so the complete command looks like `karmor log --logPath=stdout`. So do we need to get the mentioned filters integrated as flags to the root `karmor` command? If so the final cmd looks something like `karmor --since=1h --namespace=default --log=hostlog/container`.
Please correct me if I am wrong.
Handling `--namespace` and other filters is much easier.
Handling `since` is tricky because we do not have historic logs pulled by karmor. Karmor pulls just the instantaneous logs. Handling `since` might involve some code changes on the base kubearmor code too.
In general, the task at hand is to enable filtering options based on json fields supported and pass this filtering option to the server so that they can be filtered on the kubearmor server itself. (This also means code changes in the base kubearmor code).
(This seems to be a good point to discuss during our next community call.)
Attaching sample telemetry herewith:
{
"Timestamp": 1643954983,
"UpdatedTime": "2022-02-04T06:09:43.832838Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "mysql-0",
"ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
"ContainerName": "mysql",
"HostPID": 934399,
"PPID": 934391,
"PID": 177937,
"UID": 1001,
"Type": "ContainerLog",
"Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
"Operation": "File",
"Resource": "/lib/x86_64-linux-gnu/libnss_files-2.28.so",
"Data": "syscall=SYS_OPENAT fd=-100 flags=/lib/x86_64-linux-gnu/libnss_files.so.2",
"Result": "Passed"
}
{
"Timestamp": 1643954983,
"UpdatedTime": "2022-02-04T06:09:43.832856Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "mysql-0",
"ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
"ContainerName": "mysql",
"HostPID": 934399,
"PPID": 934391,
"PID": 177937,
"UID": 1001,
"Type": "ContainerLog",
"Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
"Operation": "File",
"Resource": "/opt/bitnami/mysql/conf/my.cnf",
"Data": "syscall=SYS_OPENAT fd=-100 flags=/opt/bitnami/mysql/conf/my.cnf",
"Result": "Passed"
}
{
"Timestamp": 1643954983,
"UpdatedTime": "2022-02-04T06:09:43.832878Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "mysql-0",
"ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
"ContainerName": "mysql",
"HostPID": 934399,
"PPID": 934391,
"PID": 177937,
"UID": 1001,
"Type": "ContainerLog",
"Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
"Operation": "Network",
"Resource": "domain=AF_UNIX type=SOCK_STREAM protocol=0",
"Data": "syscall=SYS_SOCKET",
"Result": "Passed"
}
{
"Timestamp": 1643954983,
"UpdatedTime": "2022-02-04T06:09:43.832901Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "mysql-0",
"ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
"ContainerName": "mysql",
"HostPID": 934399,
"PPID": 934391,
"PID": 177937,
"UID": 1001,
"Type": "ContainerLog",
"Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
"Operation": "Network",
"Resource": "sa_family=AF_UNIX sun_path=/opt/bitnami/mysql/tmp/mysql.sock",
"Data": "syscall=SYS_CONNECT fd=3",
"Result": "Passed"
}
{
"Timestamp": 1643954983,
"UpdatedTime": "2022-02-04T06:09:43.832925Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "mysql-0",
"ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
"ContainerName": "mysql",
"HostPID": 45821,
"PPID": 45667,
"PID": 1,
"UID": 1001,
"Type": "ContainerLog",
"Source": "mysqld",
"Operation": "Network",
"Resource": "sa_family=AF_UNIX sun_path=\n",
"Data": "syscall=SYS_ACCEPT fd=25",
"Result": "Passed"
}
{
"Timestamp": 1643954987,
"UpdatedTime": "2022-02-04T06:09:47.006139Z",
"ClusterName": "default",
"HostName": "ubuntu2004-vagrants",
"NamespaceName": "explorer",
"PodName": "knoxautopolicy-684854b4f4-s7vxm",
"ContainerID": "47143ff0f01752aec2d98d376cbee668e365de4a37629fa83876397614bf4ce2",
"ContainerName": "knoxautopolicy",
"HostPID": 48560,
"PPID": 48478,
"PID": 1,
"Type": "ContainerLog",
"Source": "knoxAutoPolicy",
"Operation": "File",
"Resource": "/run/secrets/kubernetes.io/serviceaccount/..2022_02_04_05_24_40.153181384/token",
"Data": "syscall=SYS_OPENAT fd=-100 flags=/var/run/secrets/kubernetes.io/serviceaccount/token",
"Result": "Passed"
}
from kubearmor-client.
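To make the filtering discussion above concrete, here is an added example (not kubearmor-client code, and not from anyone in this thread) of a client-side filter over a stream of telemetry records shaped like the samples posted above. The `Filter` struct, its field names and the `FilterLogs`/`Match` functions are assumptions made for this illustration; the JSON field names are the ones that appear in the sample output. It also shows the `since` caveat in code: the window can only trim events the client is currently receiving, it cannot recover history that was never pulled. The embedded input is constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
	"time"
)

// Log is a subset of the telemetry fields seen in the samples above.
// Field names are copied from that sample output; other fields are ignored.
type Log struct {
	Timestamp     int64  `json:"Timestamp"`
	NamespaceName string `json:"NamespaceName"`
	PodName       string `json:"PodName"`
	ContainerName string `json:"ContainerName"`
	Type          string `json:"Type"`
	Source        string `json:"Source"`
	Operation     string `json:"Operation"`
	Resource      string `json:"Resource"`
	Result        string `json:"Result"`
}

// Filter carries the values the proposed flags would supply (assumed names).
// Empty string fields match everything; Since == 0 disables the time window.
type Filter struct {
	Namespace string
	Pod       string
	Operation string
	LogType   string
	Since     time.Duration
	Now       time.Time // reference point for Since; zero means time.Now()
}

// Match reports whether one event passes every non-empty filter field.
func (f Filter) Match(l Log) bool {
	if f.Namespace != "" && l.NamespaceName != f.Namespace {
		return false
	}
	if f.Pod != "" && l.PodName != f.Pod {
		return false
	}
	if f.Operation != "" && !strings.EqualFold(l.Operation, f.Operation) {
		return false
	}
	if f.LogType != "" && !strings.EqualFold(l.Type, f.LogType) {
		return false
	}
	if f.Since > 0 {
		// Timestamp is epoch seconds. Events older than now-Since are dropped.
		// This only trims the live stream; it cannot produce history the
		// client never received, which is the caveat raised above.
		now := f.Now
		if now.IsZero() {
			now = time.Now()
		}
		if l.Timestamp < now.Add(-f.Since).Unix() {
			return false
		}
	}
	return true
}

// FilterLogs decodes a stream of concatenated JSON objects (the shape of the
// samples above, no separators required) and keeps those that Match.
func FilterLogs(r io.Reader, f Filter) ([]Log, error) {
	dec := json.NewDecoder(r)
	var kept []Log
	for {
		var l Log
		err := dec.Decode(&l)
		if errors.Is(err, io.EOF) {
			return kept, nil
		}
		if err != nil {
			// A truncated or malformed record is reported, not silently skipped.
			return kept, fmt.Errorf("decode telemetry: %w", err)
		}
		if f.Match(l) {
			kept = append(kept, l)
		}
	}
}

// sampleTelemetry is constructed for this example; it mimics three of the
// records above with the fields trimmed to those the filter reads.
const sampleTelemetry = `
{"Timestamp":1643954983,"NamespaceName":"explorer","PodName":"mysql-0","ContainerName":"mysql","Type":"ContainerLog","Source":"mysqladmin","Operation":"File","Resource":"/opt/bitnami/mysql/conf/my.cnf","Result":"Passed"}
{"Timestamp":1643954983,"NamespaceName":"explorer","PodName":"mysql-0","ContainerName":"mysql","Type":"ContainerLog","Source":"mysqladmin","Operation":"Network","Resource":"sa_family=AF_UNIX sun_path=/opt/bitnami/mysql/tmp/mysql.sock","Result":"Passed"}
{"Timestamp":1643954987,"NamespaceName":"explorer","PodName":"knoxautopolicy-684854b4f4-s7vxm","ContainerName":"knoxautopolicy","Type":"ContainerLog","Source":"knoxAutoPolicy","Operation":"File","Resource":"/run/secrets/kubernetes.io/serviceaccount/token","Result":"Passed"}
`

func main() {
	// Equivalent of a hypothetical `--namespace=explorer --operation=network`.
	f := Filter{Namespace: "explorer", Operation: "network"}
	kept, err := FilterLogs(strings.NewReader(sampleTelemetry), f)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, l := range kept {
		fmt.Printf("%s %s %s %s\n", l.PodName, l.Operation, l.Resource, l.Result)
	}
}
```

Doing this in the client is the quick route; the comment above points out that pushing the same predicate to the server side would avoid streaming every event only to discard most of it, which is the design question for the community call.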
Hey @slayer321, There's a pull request in KubeArmor - kubearmor/KubeArmor#683 to support Labels field in telemetry. This should ease things out implementing the labels filter here. Wdyt?
/assign