Allow Specifying Firewall Log Label #4652
Comments
Thanks @edwardbadboy @Dyanngg. I have one open question about this feature: how about moving
Thinking twice, maybe the con is for users not requesting log label, it is troublesome to update the current manifest.
After discussion with @salv-orlando, the above approach is not backport compatible. Here is a new proposal:
Where
Antrea native policies support firewall rule logs. Adding a rule label to the log allows convenient post-processing of the logs like grepping the same log labels. This feature adds a field "logSetting" to the crd, which has two fields "enabled" and "logLabel". "logSetting" and "enableLogging" cannot be used at the same time. "enabled" must always be specified when used. "logLabel" defaults to empty value. Fixes antrea-io#4652 Signed-off-by: Qiyue Yao <yaoq@vmware.com>
Antrea native policies support firewall rule logs. Adding a rule label to the log allows convenient post-processing of the logs like grepping the same log labels. This feature adds a field "logSettings" to the CRDs, which has two fields "enabled" and "logLabel". "logSettings" and "enableLogging" cannot be used at the same time. "enabled" must always be specified when used. "logLabel" defaults to empty value. Fixes antrea-io#4652 Signed-off-by: Qiyue Yao <yaoq@vmware.com>
Antrea native policies support firewall rule logs. Adding a rule label to the log allows convenient post-processing of the logs like grepping the same log labels. This feature adds a field "logLabel" to the CRDs, which will be printed in the logs and exported to flow records. "logLabel" defaults to empty value. Fixes antrea-io#4652 Signed-off-by: Qiyue Yao <yaoq@vmware.com>
Antrea native policies support firewall rule logs. Adding a rule label to the log allows convenient post-processing of the logs like grepping the same log labels. This feature adds a field "logLabel" to the CRDs, which will be printed in the logs and exported to flow records. "logLabel" defaults to empty value. Fixes #4652 Signed-off-by: Qiyue Yao <yaoq@vmware.com>
Describe the problem/challenge you have
Antrea NetworkPolicy and ClusterNetworkPolicy allow turning on the firewall rule log. The first packet in a connection which hits the rule will generate a log message in /var/log/antrea/networkpolicy/np.log.
The log format is as below.
It will be helpful if the ACNP and ANP allow specifying a log label in the rule definition, and the log label is written to the log message.
Describe the solution you'd like
For example:
The log label then appears in the firewall log line.
This allows some convenient operations, like specifying the same log label on multiple rules across multiple ACNPs, then grepping the firewall logs via this log label.
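The label-based filtering described in this issue, sketched as an added example that is not part of the original issue or of Antrea's code: it selects log lines by exact label field rather than by substring, so a label such as `audit-web` does not also pull in `audit-web-legacy` or a policy whose name happens to contain it. The sample lines, label values, policy names and the field layout are constructed for illustration and are an assumption, not Antrea's documented np.log format.

```shell
#!/bin/sh
# Constructed sample input. The field layout is an assumption made for this
# example only; it is not taken from Antrea's documentation.
sample_log() {
cat <<'EOF'
2023/01/01 10:00:00.000001 IngressRule AntreaClusterNetworkPolicy:acnp-web Allow 44900 10.10.1.5 34512 10.10.2.8 80 TCP 60 audit-web
2023/01/01 10:00:01.000002 IngressRule AntreaClusterNetworkPolicy:acnp-api Drop 44899 10.10.1.6 40122 10.10.2.9 8080 TCP 60 audit-web
2023/01/01 10:00:02.000003 IngressRule AntreaClusterNetworkPolicy:acnp-old Allow 44898 10.10.1.7 51000 10.10.2.8 80 TCP 60 audit-web-legacy
2023/01/01 10:00:03.000004 EgressRule AntreaClusterNetworkPolicy:audit-web-policy Drop 44897 10.10.2.8 42000 10.10.3.1 5432 TCP 60 db-deny
2023/01/01 10:00:04.000005 EgressRule AntreaClusterNetworkPolicy:acnp-db Drop 44896 10.10.2.9 42001 10.10.3.1 5432 TCP 60 db-deny
EOF
}

# Print only the lines that carry LABEL as a whole whitespace-delimited field.
# Matching whole fields avoids the false hits a plain substring grep returns.
lines_with_label() {
  awk -v label="$1" '{
    for (i = 1; i <= NF; i++) if ($i == label) { print; next }
  }'
}

# Count labelled hits per policy reference. The policy reference is assumed to
# be the field that contains "NetworkPolicy:".
count_by_policy() {
  lines_with_label "$1" | awk '{
    for (i = 1; i <= NF; i++) if ($i ~ /NetworkPolicy:/) hits[$i]++
  } END {
    for (p in hits) print hits[p], p
  }' | LC_ALL=C sort -k2
}

# Stand-alone run over the constructed sample. On a node, feed the real file
# instead: count_by_policy audit-web < /var/log/antrea/networkpolicy/np.log
sample_log | count_by_policy audit-web
```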