As a cluster administrator, you can deploy logging on an OpenShift Container Platform cluster, and use it to collect and aggregate node system audit logs, application container logs, and infrastructure logs. You can forward logs to your chosen log outputs, including on-cluster, Red Hat managed log storage. You can also visualize your log data in the OpenShift Container Platform web console, or the Kibana web console, depending on your deployed log storage solution.
|
In OpenShift Container Platform 4.16, the Elasticsearch Operator is only supported for ServiceMesh, Tracing, and Kiali. This Operator is planned for removal from the OpenShift Operator Catalog in November 2025. The reason for removal is that the Elasticsearch Operator is no longer supported for log storage, and Kibana is no longer supported in OpenShift Container Platform 4.16 and later versions. For more information on lifecycle dates, see Platform Agnostic Operators.
|
OpenShift Container Platform cluster administrators can deploy logging by using Operators. For information, see Installing logging.
The Operators are responsible for deploying, upgrading, and maintaining logging. After the Operators are installed, you can create a ClusterLogging
custom resource (CR) to schedule logging pods and other resources necessary to support logging. You can also create a ClusterLogForwarder
CR to specify which logs are collected, how they are transformed, and where they are forwarded to.
|
Because the internal OpenShift Container Platform Elasticsearch log store does not provide secure storage for audit logs, audit logs are not stored in the internal Elasticsearch instance by default. If you want to send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API as described in Forward audit logs to the log store.
|