Lib.rs

Command line utilities
#kubernetes #audit #logs #tui #events

bin+lib kubernetes-audit-log-explorer

TUI for viewing Kubernetes Audit Logs

by Karl Voss

4 releases (2 breaking)

new 0.3.1 Jan 16, 2025
0.3.0 Jan 14, 2025
0.2.0 Oct 18, 2024
0.1.0 Jul 8, 2024

#1915 in Command line utilities

Download history 5/week @ 2024-09-25 1/week @ 2024-10-09 155/week @ 2024-10-16 7/week @ 2024-10-23 1/week @ 2024-10-30 2/week @ 2024-11-06 8/week @ 2024-12-04 9/week @ 2024-12-11 67/week @ 2025-01-08

67 downloads per month

MIT license

200KB
490 lines

Kubernetes Audit Log Explorer (KALE)

Assuming you've got some audit logs:

$ cat data
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"ec95c2ca-00d4-40b9-93b4-78a6eb1242c7","stage":"ResponseComplete","requestURI":"..."
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"2f8eb783-8d8b-4540-92db-899f5f0f126a","stage":"ResponseComplete","requestURI":"..."
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"cddf4c0e-9eda-4e17-b9bf-a0af05132186","stage":"ResponseComplete","requestURI":"..."

kale will accept them via stdin:

kale < data

or you can tail them in on the fly using a tool like awslogs:

awslogs get /aws/eks/YOUR-CLUSTER-LOG-GROUP 'kube-apiserver-audit.*' -G -S -s1h | kale

Keybinds

Key Effect
ESC or Q Quit
Up and Down Scroll the list of logs
PageUp and PageDown Scroll the list of logs faster
j and k Scroll the Request and Response info panes

Screenshots

Dependencies

~10–22MB
~315K SLoC