AKS logs to be monitored by WAZUH


Gokul Suresh

Aug 18, 2025, 3:36:56 AM
to Wazuh | Mailing List
Hi team,
I have a task to monitor AKS using Wazuh. So I would like to get a little guidance for this.
There are different kinds of logs in AKS - Resource logs, Activity logs, container insights etc.
There is a set of categories for monitoring in AKS diagnostic settings (Resource logs)
categories-
kube-apiserver
kube-audit
kube-audit-admin
kube-controller-manager
kube-scheduler
cluster-autoscaler
cloud-controller-manager
guard
csi-azuredisk-controller
csi-azurefile-controller
csi-snapshot-controller
AllMetrics 

Also in Activity logs there are-
 Category -
Administrative 
Service Health 
Resource Health 
Alert 
Autoscale 
Recommendation 
Security 
Policy 

As per the requirement, we need all the audit-related logs in AKS for monitoring.
I am a bit confused about selecting which logs need to be monitored by Wazuh.
From the given log types and categories, and also other available AKS logs, can someone help me finalise the logs to be monitored by Wazuh?

 

Oluwaseyi Soneye

Aug 18, 2025, 6:09:22 AM
to Wazuh | Mailing List
Hello, 

Kindly check out this blog post on Auditing Kubernetes with Wazuh. The blog post demonstrates how to monitor Kubernetes resource interactions with Wazuh. Do let me know if this addresses your use case and then we can proceed from there.

Oluwaseyi Soneye

Aug 18, 2025, 6:12:13 AM
to Wazuh | Mailing List
This should give you full audit coverage at both the Kubernetes level and the Azure platform level though:

Resource Logs:

  • kube-audit

  • kube-audit-admin

  • kube-apiserver

  • (guard if Azure AD auth is used)

Activity Logs:

  • Administrative

  • Security

  • Policy

Gokul Suresh

Aug 18, 2025, 9:27:45 AM
to Wazuh | Mailing List
Thank you, Oluwaseyi, for your reply.
A related link to Auditing Kubernetes with Wazuh was already given in https://groups.google.com/g/wazuh/c/4dK555mbpLM/m/ib6O0gFjAAAJ.
Then again, another method was given in https://groups.google.com/g/wazuh/c/vv7yZI_KUEM/m/3EFFsL4-BwAJ.
Since it's a bit confusing to get different answers, can you guide me with the apt method?

Oluwaseyi Soneye

Aug 18, 2025, 3:01:31 PM
to Wazuh | Mailing List
Hello Gokul, 

I would recommend starting with the blog post shared since it helps to log and audit Kubernetes events. See also this documentation from Kubernetes.