🚀Launch Week 04, May 13th - 17th, 2024!🚀
Powerpipe Hub 
Hub
Mods
turbot/ibm_compliance
Overview
1Dashboards
67Controls
20Queries
0Variables
GitHub
Loading controls...

Control: 7.1.7 Ensure IBM Cloud Kubernetes Service clusters have the logging service enabled

Description

Create a logging configuration to forward cluster and app logs to IBM Log Analysis with LogDNA. IBM Log Analysis with LogDNA offers administrators, DevOps teams, and developers advanced features to filter, search, and tail log data, define alerts, and design custom views to monitor application and system logs.

Remediation

From Console:

  1. Log in to IBM Cloud at https://cloud.ibm.com.
  2. Click Menu icon --> Resource list
  3. Select your cluster under Clusters to go to the details page.
  4. Select the Overview tab
  5. Under Logging, click Connect.
  6. Select the region and the IBM Log Analysis with LogDNA service instance that you want to use, and click Connect.

From Command Line:

  1. Install the IBM Cloud Kubernetes Service observability plug-in.
ibmcloud plugin install observe-service
  1. Create the LogDNA logging configuration.
ibmcloud ob logging config create --cluster <cluster_name_or_ID> --instance
<LogDNA_instance_name_or_ID>

Usage

Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_7_1_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_7_1_7 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 7.1.7
cis_level = 1
cis_section_id = 7.1
cis_type = automated
cis_version = v1.0.0
plugin = ibm
service = IBM/Containers