Cloud Service Mesh (CSM)

Istio is the audited operable component of Cloud Service Mesh.

Workload location

Root and organization workloads
Audit log source

Istio Service Mesh Envoy
Audited operations

Received requests and responses

Received requests and responses

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity username

For example,

"username": "fop-cluster-admin@example.com"

Target

(Fields and values that call the API)
  • authority
  • resource.cluster_name
  • resource.log_name
  • resource.node_name
  • resource.zone_name

For example,

"authority": "console.zone1.google.gdch.test", "resource": {  "cluster_name": "fleet-admin-platform.gpc-system",  "log_name": "otel_envoy_accesslog",  "node_name": "sidecar~10.253.132.163",  "zone_name": "europe-west4-a"  }

Action

(Fields containing the performed operation)
  • body
  • bytes_received
  • bytes_sent
  • connection_termination_details
  • downstream_local_address
  • downstream_remote_address
  • duration
  • method

For example,

"body": {}, "bytes_received": "0", "bytes_sent": "46259", "connection_termination_details": "-", "downstream_local_address": "10.253.132.163:80", "downstream_remote_address": "10.200.0.1:0", "duration": "4", "method": "GET"

Event timestamp
  • start_time
  • time_unix_nano

For example,

"start_time": "2022-11-15T23:59:41.041Z", "time_unix_nano": 1668556781041333000

Source of action downstream_remote_address

For example,

"downstream_remote_address": "10.200.0.1:0"
Outcome response_code

For example,

"response_code": "200"
Other fields Not applicable Not applicable

Example log

{  "authority":"cortex-tenant.obs-system.svc:9009",  "body":{},  "bytes_received":"573",  "bytes_sent":"19",  "connection_termination_details":"-",  "downstream_local_address":"10.253.132.167:9009",  "downstream_remote_address":"10.253.132.122:48272",  "duration":"1",  "method":"POST",  "observed_time_unix_nano":0,  "path":"/push",  "protocol":"HTTP/1.1",  "requested_server_name":"-",  "resource":{  "cluster_name":"cortex-tenant.obs-system",  "log_name":"otel_envoy_accesslog",  "node_name":"sidecar~10.253.132.167~cortex-tenant-7b9678cfb5-tl4xz.obs-system~obs-system.svc.cluster.local",  "zone_name":"us-east1-b"  },  "response_code":"503",  "response_code_details":"via_upstream",  "response_flags":"-",  "route_name":"default",  "severity_number":0,  "severity_text":"",  "start_time":"2022-11-18T15:59:55.958Z",  "time_unix_nano":1668787195958027000,  "upstream_cluster":"inbound|9009||",  "upstream_host":"10.253.132.167:9009",  "upstream_local_address":"127.0.0.6:43899",  "upstream_transport_failure_reason":"-",  "user_agent":"Prometheus/2.29.2",  "username":"-",  "x_envoy_upstream_service_time":"1",  "x_forwarded_for":"-",  "x_goog_api_client":"-",  "x_request_id":"9e942509-9d28-4164-850f-9666b3eb272e" }