MinIO Audit Logs in ElasticSearch in Kubernetes

Whether you are on-prem or in the cloud, you want to set up your tools and processes in a homogeneous way. No matter where the infrastructure is accessed, the tools used to interact with its various pieces should be the same as those used in every other region.

With that in mind, insight into your storage infrastructure is paramount when you deploy your own MinIO object storage. When unexpected activity happens in your storage infrastructure, you want to surface the relevant logs quickly and succinctly. This tutorial gives a full overview of how to ship MinIO audit logs to ElasticSearch so they are searchable.

Setup Configuration

Deploy MinIO operator on a Kubernetes cluster

kubectl apply -k github.com/minio/operator/

The tenant needs to be deployed with the ElasticSearch webhook enabled. The webhook authenticates to ElasticSearch with an HTTP Basic token, so prepare that first.

Encode your user and password in base64

# Encode your user and password in base64
$ echo -n 'user:password' | base64
dXNlcjpwYXNzd29yZA==

Create the namespace where the secret will be located

kubectl create namespace tenant-lite

Create the secret from the base64 user/password generated above. Save the following as secret.yaml.

apiVersion: v1
kind: Secret
metadata:
  name: mysecrettoken
type: Opaque
stringData:
  token: "Basic dXNlcjpwYXNzd29yZA=="

Apply the secret into the namespace the tenant will run in; a secretKeyRef only resolves secrets in the pod's own namespace.

kubectl apply -n tenant-lite -f secret.yaml

Now configure the audit webhook so that the tenant fetches the token from the secret instead of carrying it inline. Add the following env entries to the Tenant spec:

apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: storage
  namespace: minio-tenant
spec:
  env:
    - name: MINIO_AUDIT_WEBHOOK_ENABLE_TESTING
      value: "on"
    - name: MINIO_AUDIT_WEBHOOK_ENDPOINT_TESTING
      value: "http://<HOST>:9200/ajtest/ajtest2"
    - name: MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_TESTING
      valueFrom:
        secretKeyRef:
          name: mysecrettoken
          key: token
          optional: false # value coming from secret
    - name: MINIO_ROOT_USER
      value: minio
    - name: MINIO_ROOT_PASSWORD
      value: minio123
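To make concrete what the token in the secret protects, here is an added example (not MinIO's, ElasticSearch's or the operator's code) of the receiving side of the exchange: the tenant POSTs one JSON audit record per request with the configured token in its Authorization header, and the endpoint must reject anything that does not present that token, otherwise any client that can reach port 9200 could write forged records into the audit index. The payload fields, the helper names and the sample body are assumptions modelled on the record shown later in this post; only the base64 value is taken from the page.

```python
import base64
import hmac
import json

# Constructed sample payload shaped like the audit record shown in this post.
# Field names follow what the page's ElasticSearch output displays; this is
# not a captured MinIO message.
SAMPLE_BODY = json.dumps({
    "remotehost": "10.244.4.2",
    "requestID": "17329E78E6E41E8E",
    "userAgent": "MinIO (linux; arm64) madmin-go/0.0.1",
    "requestQuery": {"key": "audit_webhook:storage-lite-log-search-api"},
    "responseHeader": {"Server": "MinIO", "Content-Type": "application/json"},
}).encode()


def basic_token(user: str, password: str) -> str:
    """Build the value stored in the secret: 'Basic ' + base64('user:password').

    Same transformation as the `echo -n 'user:password' | base64` step above.
    """
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def handle_audit_post(headers: dict, body: bytes, expected_token: str):
    """Core of a hypothetical webhook receiver (assumed design, not real code).

    Returns (http_status, parsed_entry). The Authorization check is what stops
    anything other than the tenant from writing records into the audit index.
    """
    presented = headers.get("Authorization", "")
    # Constant-time comparison so a mismatch does not reveal, through response
    # timing, how much of the token was correct.
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return 401, None
    try:
        entry = json.loads(body)
    except ValueError:
        return 400, None
    # Only index records that carry the fields every audit entry on this page
    # has, rather than accepting arbitrary JSON sent to the endpoint.
    if not isinstance(entry, dict) or not all(
        k in entry for k in ("remotehost", "requestID", "userAgent")
    ):
        return 400, None
    return 200, entry


if __name__ == "__main__":
    token = basic_token("user", "password")
    print(token)  # same value the base64 step in this post produces
    for hdrs in ({"Authorization": token}, {"Authorization": "Basic bm9wZQ=="}, {}):
        status, entry = handle_audit_post(hdrs, SAMPLE_BODY, token)
        print(status, entry and entry["requestID"])
```

The same properties apply when ElasticSearch itself is the endpoint, as on this page: its Basic auth is the only thing gating writes to the index, which is why the token belongs in a Secret and the endpoint should be reachable only from the tenant's network.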

Install the tenant using Kustomize

kubectl apply -k github.com/minio/operator/examples/kustomization/tenant-lite

Let's query the index with curl to see the indexed documents

curl -u <USER>:<PASSWORD> -X GET "<HOST>:9200/ajtest/_search?pretty" -H 'Content-Type: application/json'

You should see audit log documents similar to the following

[TRUNCATED]
          "remotehost" : "10.244.4.2",
          "requestID" : "17329E78E6E41E8E",
          "userAgent" : "MinIO (linux; arm64) madmin-go/0.0.1",
          "requestQuery" : {
            "key" : "audit_webhook:storage-lite-log-search-api"
          },
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2ae3c3d8693619c4407723146091ae3b884827bc6dc8b9d12c9380f4a50db3b7",
            "User-Agent" : "MinIO (linux; arm64) madmin-go/0.0.1",
            "X-Amz-Content-Sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "X-Amz-Date" : "20221220T214413Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "242",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Content-Type" : "application/json",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17329E78E6E41E8E",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          }
        }
      },
[TRUNCATED]
      {
        "_index" : "ajtest",
        "_type" : "ajtest2",
        "_id" : "ADB-MYUBuuSsBbj2iI88",
        "_score" : 1.0,
        "_source" : { }
      }
    ]
  }
}

The full output is very long, so it has been truncated here for legibility.

Final Thoughts

As you can see, it is important to act on these audit logs quickly. You can set up alerts through your monitoring system, or directly in ElasticSearch, that fire on particular log patterns so you stay on top of your MinIO storage infrastructure.
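The alerting rules mentioned above are usually a few simple aggregations over the records in the index. The following added example (not MinIO's or ElasticSearch's code) runs three such rules over a constructed batch of audit records: a source address outside an allowlisted CIDR, a host that accumulates repeated 403 responses, and a successful call to a policy- or bucket-changing API. The `api` block (name, bucket, statusCode), the API name set and the sample hosts and request IDs are assumptions; the page only shows the remotehost, requestID and userAgent fields.

```python
import ipaddress
from collections import Counter

# Constructed sample batch shaped like the records this post shows
# (remotehost, requestID, userAgent) plus an api block (name, bucket,
# statusCode). Hosts, IDs and user agents are made up, not captured data.
SAMPLE_ENTRIES = [
    {"remotehost": "10.244.4.2", "requestID": "req-001", "userAgent": "aws-cli/2.9",
     "api": {"name": "GetObject", "bucket": "data", "statusCode": 200}},
    {"remotehost": "10.244.4.2", "requestID": "req-002", "userAgent": "aws-cli/2.9",
     "api": {"name": "PutObject", "bucket": "data", "statusCode": 200}},
    {"remotehost": "192.0.2.10", "requestID": "req-003", "userAgent": "python-requests/2.28",
     "api": {"name": "GetObject", "bucket": "data", "statusCode": 403}},
    {"remotehost": "192.0.2.10", "requestID": "req-004", "userAgent": "python-requests/2.28",
     "api": {"name": "ListObjectsV2", "bucket": "data", "statusCode": 403}},
    {"remotehost": "192.0.2.10", "requestID": "req-005", "userAgent": "python-requests/2.28",
     "api": {"name": "GetObject", "bucket": "backups", "statusCode": 403}},
    {"remotehost": "10.244.4.7", "requestID": "req-006", "userAgent": "mc/RELEASE",
     "api": {"name": "PutBucketPolicy", "bucket": "data", "statusCode": 200}},
]

# S3-style API names whose success is worth a ticket on its own (assumed set;
# extend it to match the operations that matter in your deployment).
SENSITIVE_APIS = {"PutBucketPolicy", "DeleteBucketPolicy", "DeleteBucket"}


def detect(entries, allowed_cidrs, denied_threshold=3):
    """Return a list of alert dicts for one batch of audit records.

    Rules: remotehost outside the allowlisted CIDRs (one alert per host),
    a host with `denied_threshold` or more 403 responses, and any successful
    call to an API in SENSITIVE_APIS.
    """
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    denied = Counter()
    first_seen_outside = {}
    alerts = []
    for e in entries:
        host = e.get("remotehost", "")
        api = e.get("api", {})
        try:
            inside = any(ipaddress.ip_address(host) in n for n in nets)
        except ValueError:  # an unparsable remotehost is treated as outside
            inside = False
        if not inside:
            first_seen_outside.setdefault(host, e["requestID"])
        if api.get("statusCode") == 403:
            denied[host] += 1
        if api.get("name") in SENSITIVE_APIS and api.get("statusCode") == 200:
            alerts.append({"kind": "sensitive-api", "host": host,
                           "requestID": e["requestID"], "detail": api["name"]})
    for host, rid in first_seen_outside.items():
        alerts.append({"kind": "unexpected-source", "host": host,
                       "requestID": rid, "detail": "remotehost outside allowlist"})
    for host, n in denied.items():
        if n >= denied_threshold:
            alerts.append({"kind": "repeated-access-denied", "host": host,
                           "requestID": None, "detail": f"{n} requests denied"})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_ENTRIES, ["10.244.0.0/16"]):
        print(a["kind"], a["host"], a["detail"])
```

In production the batch would come from a scheduled query against the index rather than an inline list, and each alert carries the requestID so the analyst can pull the full record, including the requestHeader and responseHeader blocks shown above, straight from ElasticSearch.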

More importantly, think of the cloud as an operating model rather than a location. Wherever you deploy your tools and infrastructure, whether hybrid cloud, private cloud or on-prem, send your MinIO audit logs to a log processor; it does not have to be ElasticSearch. This way, no matter where you deploy MinIO, it gets monitored every step of the way.

If you have any questions on how to get your MinIO audit logs into ElasticSearch be sure to reach out to us on Slack!