All Products
Search

This Product

    Cloud Monitor:Cluster auditing

    Document Center

    Cloud Monitor:Cluster auditing

    Last Updated:Dec 03, 2025

    Auditing is a feature of the API Server that records requests made to the Kubernetes API and the outcomes of those requests. Container Service for Kubernetes (ACK) provides API Server audit logs. These logs help cluster administrators track user activities, such as who accessed which resource and when. You can use these logs to trace the operation history of a cluster, troubleshoot cluster failures, and simplify security operations and maintenance (O&M).

    Prerequisites

    You have connected Container Service for Kubernetes (ACK) to Cloud Monitor 2.0.

    Procedure

    1. Log on to the Cloud Monitor 2.0 console, and select a workspace. In the left navigation pane, choose Application Center > CloudLens > CloudLens App For Container.

    2. On the navigation bar of CloudLens for Container, choose CloudLens > Cluster Audit.

    3. On the page that appears, view the cluster audit charts on the Audit Overview tab.

    4. At the top of the Audit Overview page, select dimensions to filter audit events, such as namespace, Resource Access Management (RAM) user, and status code, to view the corresponding data charts.

    5. Dashboard charts for cluster audit visualization.

      Metric

      Description

      Total Events

      The total number of cluster events.

      Public Network Access Count

      The number of times the cluster was accessed from the public network.

      Illegal Access Count

      The number of illegal access attempts to the cluster.

      Created Events

      The number of created events in the cluster.

      Deleted Events

      The number of deleted events in the cluster.

      API Server Redirections

      The number of API Server redirections in the cluster.

      RAM User Operation Distribution

      The distribution of operations performed by RAM users.

      Delete Event Distribution

      The distribution of delete events in the cluster.

      Operation Trace

      A record of actions performed.

      Region Distribution of Public Network Access

      The geographic distribution of public network access.

      Public Network Access List

      A detailed list of public network access events.

      Command Execution List

      A list of commands executed in the cluster.

      Attach Execution List

      A list of attach executions in the cluster.

      Secret Access

      A record of access to secrets in the cluster.

      Deleted Event List

      Deleting the cluster event list

      Kubernetes CVE-2022-3172 Security Risk

      This report shows potential Kubernetes CVE security risks in the current cluster. Select or enter a RAM user ID to perform a real-time query. The report shows the Kubernetes CVE security risks for the specified account. For more information about the CVE details and solutions, see CVE Vulnerability Fixes.

    6. After the chart data loads, click the image.png icon in the upper-right corner of a chart. This lets you perform more operations, such as viewing the chart in full screen or previewing the search statement for a pinned area.