Configure Audits

Prerequisites

An existing Grey Matter deployment running on Kubernetes (tutorial)
kubectl or oc setup with access to the cluster
greymatter cli setup with access to the deployment
An ELK stack or a running Kafka cluster that is reachable from your Grey Matter deployment.

Steps

1. Enable the observables filters

Choose a running Grey Matter sidecar to configure audits on. Get the listener_key for its ingress listener (run greymatter list listener | grep listener_key to see all keys), and run the following to enable the observables filter:

greymatter edit listener <listener-key>

Add "gm.observables" to the existing list of active_http_filters. Change the topic field of the following configuration to your service name and add it to the http_filters map, so that the listener object looks like:

  ...
  "active_http_filters": [..., "gm.observables"],
  "http_filters": {
    ...
    "gm_observables": {
      "useKafka": true,
      "topic": "<service-name>",
      "eventTopic": "greymatter",
      "kafkaServerConnection": "kafka-observables.observables.svc:9092"
    }
  }

Save to apply.

See the observables filter documentation for all configuration options.

Note: If you are pointing at a Kafka cluster not configured with the ELK stack guide, replace the kafkaServerConnection with the correct address for your servers.

2. Test and verify

Make a request to the service on which you enabled the observables filter. In the service logs, you should see:

INF Message publishing to Kafka Encryption= EncryptionKeyID=0 Filter=Observables Topic=<service-name>

Then, you can move on to visualize audits in the Kibana dashboard, or if you would like to view the audits using a kafka consumer, continue below.

View Observables in Kafka

To spin up a Kafka consumer, run:

kubectl run kafka-observables-client --rm --tty -i --restart='Never' --image docker.io/bitnami/kafka:2.4.0-debian-9-r22 --namespace observables --command -- bash

From within the client, run the following to view the existing audits:

 kafka-console-consumer.sh --topic greymatter --from-beginning --bootstrap-server kafka-observables.observables.svc:9092

There you can see the audits. To see a break down of the structure, check out the usage documentation.

Next Steps

Have your audits configured? Take the next step and learn how to visualize your audit data.

Visualize Audits

Questions

Need help configuring audits?

Create an account at Grey Matter Support to reach our team.

PreviousDeploy an ELK Stack NextVisualize Audits

Last updated 4 years ago

Was this helpful?

hashtagPrerequisites

hashtagSteps

hashtag1. Enable the observables filters

hashtag2. Test and verify

hashtagView Observables in Kafka

hashtagNext Steps

hashtagQuestions