Best practices

K8S API server configuration audit-log-maxsize is less than 100

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Kubernetes automatically rotates the log files. Retaining old log files ensures that you would have sufficient log data available for carrying out any investigation or correlation. the '--audit-log-maxsize' determines the size of old log files. Orca has detected that the '--audit-log-maxsize' parameter is set to less then 100, which could lead to lost logs in case a log analysis is required.
  • Recommended Mitigation

    It is recommended to set the 'audit-log-maxbackup' parameter in the configuration file to at least 100 MB.