Diagnostic logs in Kubernetes services should be enabled
MEDIUM
Requires diagnostic logging on AKS clusters to capture control plane events and audit logs.
What does this mean?
This recommendation ensures that diagnostic logs are enabled on Azure Kubernetes Service clusters. This includes API server logs, controller manager logs, scheduler logs, and audit logs that are critical for security monitoring.
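An added example (not part of the original page) of one way to check this recommendation: it reads the JSON printed by `az monitor diagnostic-settings list --resource <AKS resource ID>` and reports which control plane categories are not being sent to any destination. Accepting `kube-audit-admin` in place of `kube-audit`, and treating the `allLogs` category group as covering everything, are assumptions of this sketch.

```python
import json

# AKS resource log categories for the logs this recommendation names:
# API server, audit, controller manager, scheduler.
REQUIRED = {"kube-apiserver", "kube-audit", "kube-controller-manager", "kube-scheduler"}
# Assumption: kube-audit-admin (audit without get/list events) satisfies the audit requirement.
ALTERNATIVES = {"kube-audit": {"kube-audit-admin"}}
DESTINATIONS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")


def missing_categories(settings_json):
    """Return required categories that no diagnostic setting with a destination enables."""
    data = json.loads(settings_json)
    # Older CLI versions wrap the list in {"value": [...]}; newer ones print the list itself.
    settings = data.get("value", []) if isinstance(data, dict) else data
    enabled = set()
    for setting in settings:
        if not any(setting.get(d) for d in DESTINATIONS):
            continue  # a setting without a destination retains nothing
        for log in setting.get("logs") or []:
            if not log.get("enabled"):
                continue
            if log.get("categoryGroup") == "allLogs":
                enabled |= REQUIRED  # assumption: allLogs covers every category
            elif log.get("category"):
                enabled.add(log["category"])
    return sorted(c for c in REQUIRED
                  if c not in enabled and not (ALTERNATIVES.get(c, set()) & enabled))


# Constructed sample input; the workspace ID is a placeholder, not a real resource.
SAMPLE = json.dumps([{
    "name": "aks-diag",
    "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/EXAMPLE-WORKSPACE",
    "logs": [
        {"category": "kube-apiserver", "enabled": True},
        {"category": "kube-audit-admin", "enabled": True},
        {"category": "kube-controller-manager", "enabled": False},
    ],
}])

if __name__ == "__main__":
    gaps = missing_categories(SAMPLE)
    print("compliant" if not gaps else "missing: " + ", ".join(gaps))
```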
Benefits of implementation
- Enables detection of suspicious API server activity
- Essential for investigating security incidents in the cluster
- Required for compliance and audit purposes
Drawbacks and considerations
- Significant log volume from busy clusters increases storage costs
- Requires Log Analytics workspace configuration
- Log analysis requires Kubernetes-specific query knowledge
Details
- Risk Level: MEDIUM
- Category: Kubernetes / AKS
- Azure Resource
- Frameworks: 2 frameworks
- Last updated: 2026-02-12