Is there a way to log all dropped verdict by policy deny?

Question

Is there a way to log all dropped verdict by policy deny?

smeeklai opened this issue 8 months ago · comments

Hi

I'd like to log the traffic that got dropped by policy deny. Similar information to when I run hubble observe --verdict DROPPED. Ultimately I'd like to create an alert and/or a dashboard on those information.

Sebastian Wicki · Answer 1 · Wed Dec 20 2023 00:00:26 GMT+0800 (China Standard Time)

Hi, you might be interested in the Hubble metrics collected by Cilium Agent: https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics

In particular, if you filter the reason label on the drop_total metric, you should get the total number of policy drops.

smeeklai · Answer 2 · Wed Dec 20 2023 14:46:34 GMT+0800 (China Standard Time)

Hi. Right, that's the way to get the total number but I'm looking for something like a structured log like this one where I can find it in a pod or something.