# ConfigMap "edge-siem" (namespace "fluent-operator"). Its single data key holds a
# JSON array of log-classification rules. Each rule names a namespace, pod and
# container and assigns a log_class ("audit" or "security"), a log_type, a
# severity and an optional message pattern.
# Presumably the log pipeline reads this list to decide which container logs are
# tagged and forwarded to the SIEM; the consumer is not shown here, so confirm.
#
# Field notes (semantics inferred from the values, verify against the consumer):
#   container  "linkerd.*" looks like a regular expression for the service-mesh
#              sidecar containers. Whether "namespace" and "pod" are matched
#              exactly, by prefix or as regexes is not visible here.
#   pattern    Empty on most rules, presumably meaning "no message filter". Where
#              set, "%s" stands where a space would be expected, so it is
#              presumably a whitespace placeholder expanded by the consumer.
#   severity   "INFO" on every rule; whether it is a minimum level or an exact
#              match is not visible here.
#
# NOTE(review): vpn / wireguard-store / "linkerd.*" appears twice with an empty
# pattern and two different log_type values ("wireguard-store" and
# "wireguard-store-nginx"). Confirm how the consumer resolves rules that share
# the same namespace, pod, container and pattern.
# NOTE(review): the emergencyaccess, kube-system/lan-outage and vnc rules carry
# only specific message patterns. If pattern acts as a filter, other lines from
# those containers (for example denied or failed requests) match no rule in this
# list; confirm they are matched by these patterns or collected elsewhere.
# NOTE(review): this list defines what reaches the SIEM, so an edit to it can
# remove audit coverage. Limit write access to this ConfigMap through RBAC and
# review changes to it like any other detection content.
#
# Comments cannot be placed inside the block scalar below; "#" there would become
# part of the JSON string.
apiVersion: v1
kind: ConfigMap
metadata:
  name: edge-siem
  namespace: fluent-operator
data:
  edge-siem: |-
    [
      { "namespace": "auth-proxy", "pod": "auth-proxy", "container": "auth-proxy", "log_class": "audit", "log_type": "auth-proxy", "severity": "INFO", "pattern": "" },
      { "namespace": "auth-proxy", "pod": "auth-proxy", "container": "linkerd.*", "log_class": "audit", "log_type": "auth-proxy", "severity": "INFO", "pattern": "" },
      { "namespace": "authserver", "pod": "authserver", "container": "authserver", "log_class": "audit", "log_type": "authserver", "severity": "INFO", "pattern": "" },
      { "namespace": "authserver", "pod": "authserver", "container": "linkerd.*", "log_class": "audit", "log_type": "authserver", "severity": "INFO", "pattern": "" },
      { "namespace": "couchctl", "pod": "couchctl", "container": "couchctl", "log_class": "security", "log_type": "couchctl", "severity": "INFO", "pattern": "" },
      { "namespace": "couchctl", "pod": "couchctl", "container": "linkerd.*", "log_class": "security", "log_type": "couchctl", "severity": "INFO", "pattern": "" },
      { "namespace": "cushion", "pod": "cushion", "container": "cushion", "log_class": "security", "log_type": "cushion", "severity": "INFO", "pattern": "" },
      { "namespace": "cushion", "pod": "cushion", "container": "linkerd.*", "log_class": "security", "log_type": "cushion", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-connector", "pod": "data-sync-connector", "container": "shoot", "log_class": "security", "log_type": "shoot", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-connector", "pod": "data-sync-connector", "container": "linkerd.*", "log_class": "security", "log_type": "shoot", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-couchdb", "pod": "data-sync-couchdb", "container": "couchdb", "log_class": "security", "log_type": "couchdb", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-couchdb", "pod": "data-sync-couchdb", "container": "linkerd.*", "log_class": "security", "log_type": "couchdb", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-messaging", "pod": "data-sync-messaging", "container": "data-sync-messaging", "log_class": "security", "log_type": "data-sync-messaging", "severity": "INFO", "pattern": "" },
      { "namespace": "data-sync-messaging", "pod": "data-sync-messaging", "container": "linkerd.*", "log_class": "security", "log_type": "data-sync-messaging", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-backend", "pod": "ee-bff-golang", "container": "edge-backend", "log_class": "audit", "log_type": "edge-backend", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-backend", "pod": "ee-bff-golang", "container": "linkerd.*", "log_class": "audit", "log_type": "edge-backend", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-bsl", "pod": "edge-bsl", "container": "edge-bsl", "log_class": "security", "log_type": "edge-bsl", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-bsl", "pod": "edge-bsl", "container": "linkerd.*", "log_class": "security", "log_type": "edge-bsl", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "external-provider", "container": "edge-iam-provider", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "external-provider", "container": "linkerd.*", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "store-provider", "container": "edge-iam-provider", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "store-provider", "container": "linkerd.*", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "store-redis", "container": "linkerd.*", "log_class": "security", "log_type": "edge-iam-redis", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "store-redis", "container": "redis", "log_class": "security", "log_type": "edge-iam-redis", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "touchpoint-provider", "container": "edge-iam-provider", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "touchpoint-provider", "container": "linkerd.*", "log_class": "security", "log_type": "edge-iam-provider", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "touchpoint-redis", "container": "linkerd.*", "log_class": "security", "log_type": "edge-iam-redis", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-iam", "pod": "touchpoint-redis", "container": "redis", "log_class": "security", "log_type": "edge-iam-redis", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-ingress", "pod": "emissary-ingress", "container": "ambassador", "log_class": "security", "log_type": "ambassador", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-ingress", "pod": "emissary-ingress", "container": "linkerd.*", "log_class": "security", "log_type": "ambassador", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-ui", "pod": "edge-ui", "container": "edge-ui", "log_class": "security", "log_type": "edge-ui", "severity": "INFO", "pattern": "" },
      { "namespace": "edge-ui", "pod": "edge-ui", "container": "linkerd.*", "log_class": "security", "log_type": "edge-ui", "severity": "INFO", "pattern": "" },
      { "namespace": "emergencyaccess", "pod": "authservice", "container": "authservice", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Authorize%sRequest%sCalled" },
      { "namespace": "emergencyaccess", "pod": "authservice", "container": "authservice", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Authorize%sCommand%sCalled" },
      { "namespace": "emergencyaccess", "pod": "authservice", "container": "authservice", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Authorize%sTarget%sCalled" },
      { "namespace": "emergencyaccess", "pod": "authservice", "container": "authservice", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Authorize%sUser%sCalled" },
      { "namespace": "emergencyaccess", "pod": "eagateway", "container": "eagateway", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Ending%sSession" },
      { "namespace": "emergencyaccess", "pod": "eagateway", "container": "eagateway", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Send%sAPI%sCalled" },
      { "namespace": "emergencyaccess", "pod": "eagateway", "container": "eagateway", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "New%ssession%sstarted" },
      { "namespace": "emergencyaccess", "pod": "eagateway", "container": "eagateway", "log_class": "audit", "log_type": "oi-remotecli", "severity": "INFO", "pattern": "Session%sended" },
      { "namespace": "emissary", "pod": "emissary-ingress", "container": "ambassador", "log_class": "security", "log_type": "ambassador", "severity": "INFO", "pattern": "" },
      { "namespace": "emissary", "pod": "emissary-ingress", "container": "linkerd.*", "log_class": "security", "log_type": "ambassador", "severity": "INFO", "pattern": "" },
      { "namespace": "etcd-operator", "pod": "etcd-operator", "container": "etcd-operator", "log_class": "audit", "log_type": "etcd-operator", "severity": "INFO", "pattern": "" },
      { "namespace": "etcd-operator", "pod": "etcd-operator", "container": "linkerd.*", "log_class": "audit", "log_type": "etcd-operator", "severity": "INFO", "pattern": "" },
      { "namespace": "fim", "pod": "samhain", "container": "fim", "log_class": "audit", "log_type": "fim", "severity": "INFO", "pattern": "" },
      { "namespace": "fim", "pod": "samhain", "container": "linkerd.*", "log_class": "audit", "log_type": "fim", "severity": "INFO", "pattern": "" },
      { "namespace": "interlock", "pod": "interlock", "container": "interlock", "log_class": "audit", "log_type": "interlock", "severity": "INFO", "pattern": "" },
      { "namespace": "interlock", "pod": "interlock", "container": "linkerd.*", "log_class": "audit", "log_type": "interlock", "severity": "INFO", "pattern": "" },
      { "namespace": "kube-system", "pod": "lan-outage", "container": "lan-outage-detector", "log_class": "audit", "log_type": "lan-outage-detector", "severity": "INFO", "pattern": "entering%sLAN%sOutage%sMode" },
      { "namespace": "kube-system", "pod": "lan-outage", "container": "lan-outage-detector", "log_class": "audit", "log_type": "lan-outage-detector", "severity": "INFO", "pattern": "entered%sLAN%sOutage%sMode%ssuccessfully" },
      { "namespace": "kube-system", "pod": "lan-outage", "container": "lan-outage-detector", "log_class": "audit", "log_type": "lan-outage-detector", "severity": "INFO", "pattern": "leaving%sLAN%sOutage%sMode" },
      { "namespace": "kube-system", "pod": "lan-outage", "container": "lan-outage-detector", "log_class": "audit", "log_type": "lan-outage-detector", "severity": "INFO", "pattern": "left%sLAN%sOutage%sMode%ssuccessfully" },
      { "namespace": "patchctl", "pod": "d-sds-patching", "container": "linkerd.*", "log_class": "security", "log_type": "patchctl", "severity": "INFO", "pattern": "" },
      { "namespace": "patchctl", "pod": "d-sds-patching", "container": "patchctl", "log_class": "security", "log_type": "patchctl", "severity": "INFO", "pattern": "" },
      { "namespace": "pxe", "pod": "dnsmasq-controller", "container": "dnsmasq", "log_class": "security", "log_type": "dnsmasq", "severity": "INFO", "pattern": "" },
      { "namespace": "pxe", "pod": "dnsmasq-controller", "container": "linkerd.*", "log_class": "security", "log_type": "dnsmasq", "severity": "INFO", "pattern": "" },
      { "namespace": "pxe", "pod": "pxe-controller", "container": "pxe-controller", "log_class": "audit", "log_type": "pxeaudit", "severity": "INFO", "pattern": "" },
      { "namespace": "pxe", "pod": "pxe-controller", "container": "linkerd.*", "log_class": "audit", "log_type": "pxeaudit", "severity": "INFO", "pattern": "" },
      { "namespace": "sds", "pod": "nodeagent", "container": "linkerd.*", "log_class": "security", "log_type": "nodeagent", "severity": "INFO", "pattern": "" },
      { "namespace": "sds", "pod": "nodeagent", "container": "nodeagent", "log_class": "security", "log_type": "nodeagent", "severity": "INFO", "pattern": "" },
      { "namespace": "sequel", "pod": "sequel", "container": "linkerd.*", "log_class": "audit", "log_type": "sequel", "severity": "INFO", "pattern": "" },
      { "namespace": "sequel", "pod": "sequel", "container": "sequel", "log_class": "audit", "log_type": "sequel", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-relay", "container": "linkerd.*", "log_class": "security", "log_type": "wireguard", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-relay", "container": "wireguard", "log_class": "security", "log_type": "wireguard", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-store", "container": "linkerd.*", "log_class": "security", "log_type": "wireguard-store", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-store", "container": "nginx", "log_class": "security", "log_type": "wireguard-store-nginx", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-store", "container": "wireguard", "log_class": "security", "log_type": "wireguard-store", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguard-store", "container": "linkerd.*", "log_class": "security", "log_type": "wireguard-store-nginx", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguardctl", "container": "linkerd.*", "log_class": "security", "log_type": "wireguardctl", "severity": "INFO", "pattern": "" },
      { "namespace": "vpn", "pod": "wireguardctl", "container": "wireguardctl", "log_class": "security", "log_type": "wireguardctl", "severity": "INFO", "pattern": "" },
      { "namespace": "vnc", "pod": "novnc", "container": "gateway", "log_class": "audit", "log_type": "vnc", "severity": "INFO", "pattern": "VNC%suser%srequested%sauthorization" },
      { "namespace": "vnc", "pod": "novnc", "container": "gateway", "log_class": "audit", "log_type": "vnc", "severity": "INFO", "pattern": "VNC%sconnection%svalidation%srequested" },
      { "namespace": "vnc", "pod": "novnc", "container": "gateway", "log_class": "audit", "log_type": "vnc", "severity": "INFO", "pattern": "VNC%sconnection%sdisconnected" }
    ]