{"id":21392169,"url":"https://github.com/sysdiglabs/aks-audit-log","last_synced_at":"2025-10-04T13:19:47.573Z","repository":{"id":40875819,"uuid":"261685714","full_name":"sysdiglabs/aks-audit-log","owner":"sysdiglabs","description":"Instructions and code to connect Azure Kubernetes Service audit logs to Sysdig agent","archived":false,"fork":false,"pushed_at":"2023-09-06T07:59:30.000Z","size":1558,"stargazers_count":3,"open_issues_count":7,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-22T04:50:55.708Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysdiglabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-06T07:37:49.000Z","updated_at":"2023-09-06T07:59:34.000Z","dependencies_parsed_at":"2024-11-22T16:15:24.147Z","dependency_job_id":null,"html_url":"https://github.com/sysdiglabs/aks-audit-log","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/sysdiglabs/aks-audit-log","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Faks-audit-log","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Faks-audit-log/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Faks-audit-log/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Faks-audit-log/manifests","owner_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/owners/sysdiglabs","download_url":"https://codeload.github.com/sysdiglabs/aks-audit-log/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Faks-audit-log/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278317824,"owners_count":25967191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T13:39:28.842Z","updated_at":"2025-10-04T13:19:47.532Z","avatar_url":"https://github.com/sysdiglabs.png","language":"Shell","readme":"# Azure Kubernetes Service audit log integration to Sysdig Secure\n\nThis repository contains an installation/uninstallation script, instructions and source code to integrate Azure Kubernetes Service audit log to [Sysdig Secure](https://sysdig.com).\n\n[![Actions Status](https://github.com/sysdiglabs/aks-audit-log/workflows/build/badge.svg)](https://github.com/sysdiglabs/aks-audit-log/actions)\n\n## Installation\n\nYou can execute the automatic installation steps using a docker image that has all requirements, or directly using Bash if you already have the requirements in your system.\n\nYou need to know the AKS Cluster Name and the Resource Group Name that you used to create your [Azure AKS 
Cluster](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough).\n\n### A. Using Docker image installer\n\nTo execute the installer using a Docker image and sharing your Azure credentials with it, execute:\n\n```bash\ndocker run -it -v $HOME/.azure:/root/.azure sysdiglabs/aks-audit-log-installer:1 \\\n  -g YOUR_RESOURCE_GROUP_NAME -c YOUR_AKS_CLUSTER_NAME\n```\n\nTo see more optional parameters, use:\n\n```bash\ndocker run sysdiglabs/aks-audit-log-installer:1 --help\n```\n\n### B. Using the Bash script\n\nThe installation script has some command line tool requirements:\n  * [Azure-cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) (already logged into your account)\n  * envsubst (shipped with gettext package)\n  * kubectl\n  * curl, tr, grep\n\n\n```bash\ncurl -s https://raw.githubusercontent.com/sysdiglabs/aks-audit-log/master/install-aks-audit-log.sh | \\\n  bash -s -- -g YOUR_RESOURCE_GROUP_NAME -c YOUR_AKS_CLUSTER_NAME\n```\n\nTo see more optional parameters, use:\n\n```bash\ncurl -s https://raw.githubusercontent.com/sysdiglabs/aks-audit-log/master/install-aks-audit-log.sh | \\\n  bash -s -- --help\n```\n\nThe installation script creates some resources and configurations in the same resource group as your cluster:\n * Storage Account, to coordinate event consumers\n * Event Hubs, to receive audit log events\n * Diagnostic setting in the cluster, to send audit log to Event Hubs\n * Kubernetes deployment aks-audit-log-forwarder, to forward the log to Sysdig agent\n\nIf everything worked as expected, you can verify that the audit logs are being forwarded by executing:\n\n```bash\nkubectl get pods -n sysdig-agent\n# take note of the pod name for aks-audit-log-forwarder\nkubectl logs -n sysdig-agent aks-audit-log-forwarder-XXXX -f\n```\n\n## Uninstallation\n\nUse the same parameters as for installation. 
The script will delete all created resources and configurations.\n\nUsing the Docker image:\n\n```bash\ndocker run -it -v $HOME/.azure:/root/.azure \\\n  --entrypoint /app/uninstall-aks-audit-log.sh \\\n  sysdiglabs/aks-audit-log-installer:1 \\\n  -g YOUR_RESOURCE_GROUP_NAME -c YOUR_AKS_CLUSTER_NAME\n```\n\nUsing the uninstall Bash script:\n\n```bash\ncurl -s https://raw.githubusercontent.com/sysdiglabs/aks-audit-log/master/uninstall-aks-audit-log.sh | \\\n  bash -s -- -g YOUR_RESOURCE_GROUP_NAME -c YOUR_AKS_CLUSTER_NAME\n```\n\n## More information\n\nCheck the [developer documentation](./docs/readme-dev.md) for additional documentation about architecture, implementation, dependencies, log verbosity levels, manual deployment, and reference links.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Faks-audit-log","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysdiglabs%2Faks-audit-log","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Faks-audit-log/lists"}