Introduction

The platform's auditing function provides time-ordered operation records related to users and system security. This helps you analyze specific issues and quickly resolve problems that occur in clusters, custom applications, and other areas.

Through auditing, you can track various changes in the Kubernetes cluster, including:

What changes occurred in the cluster during a specific time period
Who performed these changes (system components or users)
Details of important change events (e.g., POD parameter updates)
Event outcomes (success or failure)
Operator location (internal or external to the cluster)
User operation records (updates, deletions, management operations) and their results

Prerequisites

Your account must have platform management or platform auditing permissions.

Procedure

In the left navigation bar, click Auditing.
Select the auditing scope from the tabs:
- User Operations: View operation records of users who have logged in to the platform
- System Operations: View system operation records (operators start with system:)

Configure query conditions to filter auditing events:

Query Condition	Description
Operator	Username or system account name of the operator (default: `All`)
Actions	Type of operation (create, update, delete, manage, rollback, stop, etc., default: `All`)
Clusters	Cluster containing the operated resource (default: `All`)
Resource Type	Type of the operated resource (default: `All`)
Resource Name	Name of the operated resource (supports fuzzy search)

Click Search.

TIP

Use the Time Range dropdown to set the audit time range (default: Last 30 Minutes). You can select a preset range or customize one.
Click the refresh icon to update search results.
Click the export icon to download results as a .csv file.

Search Results

The search results display the following information:

Parameter	Description
Operator	Username or system account name of the operator
Actions	Type of operation (create, update, delete, manage, rollback, stop, etc.)
Resource Name/Type	Name and type of the operated resource
Clusters	Cluster containing the operated resource
Namespaces	Namespace containing the operated resource
Client IP	IP address of the client used to execute the operation
Operation Result	Operation outcome based on API return code (2xx = success, other = failure)
Operation Time	Timestamp of the operation
Details	Click the Details button to view the complete audit record in JSON format in the Audit Details dialog box

ON THIS PAGE

How to

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Guides

Pre-Application Creation Preparation

Creating Applications

Creating Workloads

Actions You Can Take After Creating an Application

Configuring Network

Using Services

Using Ingresses

Using Gateways and Route Rules

Using LoadBalancers

Operation and Maintenance

Catalog

Pod and Container

Pod

Container

How To

Concepts

Guides

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To