Manage Calico Enterprise logs
Overview
Calico Enterprise deploys an in-cluster Elasticsearch and Kibana stack for flow, DNS, audit, BGP, and L7 logs with workload context, RBAC, and archival to SIEMs.
Configure data retention
Set retention windows for Calico Enterprise flow, DNS, audit, BGP, L7, snapshot, and compliance report data in the in-cluster LogStorage resource.
Archive logs
Forward Calico Enterprise flow, DNS, audit, and L7 logs to Syslog, Splunk, or Amazon S3 to retain compliance data beyond in-cluster Elasticsearch retention.
Configure RBAC for Elasticsearch logs and events
Set fine-grained Kubernetes RBAC permissions in Calico Enterprise to control access to Elasticsearch flow, audit, DNS, and intrusion detection event indices.
Flow logs
6 items
Audit logs
Calico Enterprise audit logs record changes to network policies, tiers, network sets, host endpoints, and other resources for security and compliance review.
DNS logs
2 items
BGP logs
Reference for the key/value fields in Calico Enterprise BGP activity logs stored in Elasticsearch, with sample queries for IPv4, IPv6, and per-node lookups.
L7 logs
2 items
Troubleshoot logs
Troubleshooting guide for in-cluster Elasticsearch problems in Calico Enterprise, covering LogStorage, storage classes, persistent volumes, and diagnostic logs.