This is a cache of https://docs.openshift.com/acs/4.4/operating/using-the-administration-events-page.html. It is a snapshot of the page at 2024-11-25T18:02:29.300+0000.
Using the administration events page | Operating | Red Hat Advanced Cluster Security for Kubernetes 4.4
×

You can view administration event information in a single interface with Red Hat Advanced Cluster Security for Kubernetes (RHACS). You can use this interface to help you understand and interpret important event details.

Accessing the event logs in different domains

By viewing the administration events page, you can access various event logs in different domains.

Procedure
  • In the RHACS platform, go to Platform Configuration → Administration Events.

Administration events page overview

The administration events page organizes information in the following groups:

  • Domain: Categorizes events by the specific area or domain within RHACS in which the event occurred. This classification helps organize and understand the context of events.

    The following domains are included:

    • Authentication

    • General

    • Image Scanning

    • Integrations

  • Resource type: Classifies events based on the resource or component type involved.

    The following resource types are included:

    • API Token

    • Cluster

    • Image

    • Node

    • Notifier

  • Level: Indicates the severity or importance of an event.

    The following levels are included:

    • Error

    • Warning

    • Success

    • Info

    • Unknown

  • Event last occurred at: Provides information about the timestamp and date when an event occurred. It helps track the timing of events, which is essential for diagnosing issues and understanding the sequence of actions or incidents.

  • Count: Indicates the number of times a particular event occurred. This number is useful in assessing the frequency of an issue. An event that has occurred multiple times indicates a persistent issue that you need to fix.

Each event also gives you an indication of what you need to do to fix the error.

Getting information about the events in a particular domain

By viewing the details of an administration event, you get more information about the events in that particular domain. This enables you to better understand the context and details of the events.

Procedure
  • In the Administration Events page, click the domain to view its details.

Administration event details overview

The administration event provides log information that describes the error or event.

The logs provide the following information:

  • Context of the event

  • Steps to take to fix the error

The administration event page organizes information in the following groups:

  • Resource type: Classifies events based on the resource or component type involved.

    The following resource types are included:

    • API Token

    • Cluster

    • Image

    • Node

    • Notifier

  • Resource name: Specifies the name of the resource or component to which the event refers. It identifies the specific instance within the domain where the event occurred.

  • Event type: Specifies the source of the event. Central generates log events that correspond to administration events created from log statements.

  • Event ID: A unique identifier composed of alphanumeric characters that is assigned to each event. Event IDs can be useful in identifying, tracking, and managing events over time.

  • Created at: Indicates the timestamp and date when the event was originally created or recorded.

  • Last occurred at: Specifies the timestamp and date when the event last occurred. This tracks the timing of the event, which can be critical for diagnosing and fixing recurring issues.

  • Count: Indicates the number of times a particular event occurred. This number is useful in assessing the frequency of an issue. An event that has occurred multiple times indicates a persistent issue that you need to fix.

Setting the expiration of the administration events

By specifying the number of days, you can control when the administration events expire. This is important for managing your events and ensuring that you retain the information for the desired duration.

By default, administration events are retained for 4 days. The retention period for these events is determined by the time of the last occurrence and not by the time of creation. This means that an event expires and is deleted only if the time of the last occurrence exceeds the specified retention period.

Procedure
  1. In the RHACS portal, go to Platform Configuration → System Configuration. You can configure the following setting for administration events:

    • Administration events retention days: The number of days to retain your administration events.

  2. To change this value, click Edit, make your changes, and then click Save.