# ./bin/fluent-bit -vv -c ../audit.conf Fluent Bit v3.1.7 * Copyright (C) 2015-2024 The Fluent Bit Authors * Fluent Bit is a CNCF sub-project under the umbrella of Fluentd * https://fluentbit.io ______ _ _ ______ _ _ _____ __ | ___| | | | | ___ (_) | |____ |/ | | |_ | |_ _ ___ _ __ | |_ | |_/ /_| |_ __ __ / /`| | | _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / / \ \ | | | | | | |_| | __/ | | | |_ | |_/ / | |_ \ V /.___/ /_| |_ \_| |_|\__,_|\___|_| |_|\__| \____/|_|\__| \_/ \____(_)___/ [2024/08/30 19:13:34] [ info] Configuration: [2024/08/30 19:13:34] [ info] flush time | 1.000000 seconds [2024/08/30 19:13:34] [ info] grace | 5 seconds [2024/08/30 19:13:34] [ info] daemon | 0 [2024/08/30 19:13:34] [ info] ___________ [2024/08/30 19:13:34] [ info] inputs: [2024/08/30 19:13:34] [ info] tail [2024/08/30 19:13:34] [ info] ___________ [2024/08/30 19:13:34] [ info] filters: [2024/08/30 19:13:34] [ info] ___________ [2024/08/30 19:13:34] [ info] outputs: [2024/08/30 19:13:34] [ info] kinesis_streams.0 [2024/08/30 19:13:34] [ info] ___________ [2024/08/30 19:13:34] [ info] collectors: [2024/08/30 19:13:34] [ info] [fluent bit] version=3.1.7, commit=82799d39ec, pid=4082500 [2024/08/30 19:13:34] [debug] [engine] coroutine stack size: 24576 bytes (24.0K) [2024/08/30 19:13:34] [ info] [storage] ver=1.5.2, type=memory, sync=normal, checksum=off, max_chunks_up=128 [2024/08/30 19:13:34] [ info] [cmetrics] version=0.9.4 [2024/08/30 19:13:34] [ info] [ctraces ] version=0.5.5 [2024/08/30 19:13:34] [ info] [input:tail:tail.0] initializing [2024/08/30 19:13:34] [ info] [input:tail:tail.0] storage_strategy='memory' (memory only) [2024/08/30 19:13:34] [debug] [tail:tail.0] created event channels: read=21 write=22 [2024/08/30 19:13:34] [debug] [input:tail:tail.0] flb_tail_fs_inotify_init() initializing inotify tail input [2024/08/30 19:13:34] [debug] [input:tail:tail.0] inotify watch fd=27 [2024/08/30 19:13:34] [debug] [input:tail:tail.0] scanning path /var/log/kubernetes/audit/audit.log [2024/08/30 19:13:34] [debug] [input:tail:tail.0] file will be read in POSIX_FADV_DONTNEED mode /var/log/kubernetes/audit/audit.log [2024/08/30 19:13:34] [debug] [input:tail:tail.0] inode=131074 with offset=701104033 appended as /var/log/kubernetes/audit/audit.log [2024/08/30 19:13:34] [debug] [input:tail:tail.0] scan_glob add(): /var/log/kubernetes/audit/audit.log, inode 131074 [2024/08/30 19:13:34] [debug] [input:tail:tail.0] 1 new files found on path '/var/log/kubernetes/audit/audit.log' [2024/08/30 19:13:34] [debug] [kinesis_streams:kinesis_streams.0] created event channels: read=29 write=30 [2024/08/30 19:13:34] [debug] [output:kinesis_streams:kinesis_streams.0] Retrieved port from ins->host.port: 8443 [2024/08/30 19:13:34] [debug] [output:kinesis_streams:kinesis_streams.0] Setting port to: 8443 [2024/08/30 19:13:34] [debug] [aws_credentials] Initialized Env Provider in standard chain [2024/08/30 19:13:34] [debug] [aws_credentials] creating profile (null) provider [2024/08/30 19:13:34] [debug] [aws_credentials] Initialized AWS Profile Provider in standard chain [2024/08/30 19:13:34] [debug] [aws_credentials] Not initializing EKS provider because AWS_ROLE_ARN was not set [2024/08/30 19:13:34] [debug] [aws_credentials] Not initializing ECS Provider because AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set [2024/08/30 19:13:34] [debug] [aws_credentials] Initialized EC2 Provider in standard chain [2024/08/30 19:13:34] [debug] [aws_credentials] Sync called on the EC2 provider [2024/08/30 19:13:34] [debug] [aws_credentials] Init called on the env provider [2024/08/30 19:13:34] [debug] [aws_credentials] upstream_set called on the EC2 provider [2024/08/30 19:13:34] [ info] [sp] stream processor started [2024/08/30 19:13:34] [debug] [input:tail:tail.0] inode=131074 file=/var/log/kubernetes/audit/audit.log promote to TAIL_EVENT [2024/08/30 19:13:34] [ info] [input:tail:tail.0] inotify_fs_add(): inode=131074 watch_fd=1 name=/var/log/kubernetes/audit/audit.log [2024/08/30 19:13:34] [debug] [input:tail:tail.0] [static files] processed 0b, done [2024/08/30 19:13:34] [ info] [output:kinesis_streams:kinesis_streams.0] worker #0 started [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=2, payload=3167 bytes [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:35] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is connected [2024/08/30 19:13:35] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:35] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:35] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 2 records, sent 2 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:35] [debug] [out flush] cb_destroy coro_id=0 [2024/08/30 19:13:35] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:35] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=14, payload=20877 bytes [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:36] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:36] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:36] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:36] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:36] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 14 records, sent 14 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:36] [debug] [out flush] cb_destroy coro_id=1 [2024/08/30 19:13:36] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:36] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=10, payload=15563 bytes [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:37] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:37] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:37] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:37] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:37] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 10 records, sent 10 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:37] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:37] [debug] [out flush] cb_destroy coro_id=2 [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:37] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=12, payload=16297 bytes [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:38] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:38] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:38] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:38] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:38] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 12 records, sent 12 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:38] [debug] [out flush] cb_destroy coro_id=3 [2024/08/30 19:13:38] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:38] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=14, payload=21126 bytes [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:39] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:39] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:39] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:39] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:39] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 14 records, sent 14 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:39] [debug] [out flush] cb_destroy coro_id=4 [2024/08/30 19:13:39] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:39] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:40] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:40] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=7, payload=10835 bytes [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:40] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:40] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:40] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:40] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:40] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 7 records, sent 7 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:40] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:40] [debug] [out flush] cb_destroy coro_id=5 [2024/08/30 19:13:40] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:40] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:40] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:40] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=5, payload=7970 bytes [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:41] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:41] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:41] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:41] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 5 records, sent 5 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:41] [debug] [out flush] cb_destroy coro_id=6 [2024/08/30 19:13:41] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:41] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=11, payload=16958 bytes [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:42] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:42] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:42] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:42] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:42] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 11 records, sent 11 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:42] [debug] [out flush] cb_destroy coro_id=7 [2024/08/30 19:13:42] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:42] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [task] created task=0x7fdc5603bc80 id=0 OK [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=6, payload=9523 bytes [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:43] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:43] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:43] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:43] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 6 records, sent 6 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:43] [debug] [out flush] cb_destroy coro_id=8 [2024/08/30 19:13:43] [debug] [task] destroy task=0x7fdc5603bc80 (task_id=0) [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:43] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [task] created task=0x7fdc5603bc80 id=0 OK [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=17, payload=27411 bytes [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:44] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:44] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:44] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:44] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:44] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 17 records, sent 17 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:44] [debug] [out flush] cb_destroy coro_id=9 [2024/08/30 19:13:44] [debug] [task] destroy task=0x7fdc5603bc80 (task_id=0) [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:44] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=7, payload=10771 bytes [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:45] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:45] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:45] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:45] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 7 records, sent 7 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:45] [debug] [out flush] cb_destroy coro_id=10 [2024/08/30 19:13:45] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:45] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [task] created task=0x7fdc5603bd20 id=0 OK [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=8, payload=12430 bytes [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:46] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:46] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:46] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:46] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:46] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 8 records, sent 8 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:46] [debug] [out flush] cb_destroy coro_id=11 [2024/08/30 19:13:46] [debug] [task] destroy task=0x7fdc5603bd20 (task_id=0) [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:46] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=8, payload=12499 bytes [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:47] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:47] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:47] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:47] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 8 records, sent 8 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:47] [debug] [out flush] cb_destroy coro_id=12 [2024/08/30 19:13:47] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:47] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [task] created task=0x7fdc5603bdc0 id=0 OK [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=20, payload=28367 bytes [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:48] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:48] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:48] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:48] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:48] [debug] [task] destroy task=0x7fdc5603bdc0 (task_id=0) [2024/08/30 19:13:48] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 20 records, sent 20 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:48] [debug] [out flush] cb_destroy coro_id=13 [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:48] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [task] created task=0x7fdc5603bc80 id=0 OK [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=14, payload=21088 bytes [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:49] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:49] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:49] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:49] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 14 records, sent 14 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:49] [debug] [out flush] cb_destroy coro_id=14 [2024/08/30 19:13:49] [debug] [task] destroy task=0x7fdc5603bc80 (task_id=0) [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY [2024/08/30 19:13:49] [debug] [input:tail:tail.0] inode=131074, /var/log/kubernetes/audit/audit.log, events: IN_MODIFY ^C[2024/08/30 19:13:50] [engine] caught signal (SIGINT) [2024/08/30 19:13:50] [debug] [task] created task=0x7fdc5603bc80 id=0 OK [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] task_id=0 assigned to thread #0 [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] kinesis:PutRecords: events=8, payload=12454 bytes [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] Sending log records to stream /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:50] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 has been assigned (recycled) [2024/08/30 19:13:50] [debug] [http_client] not using http_proxy for header [2024/08/30 19:13:50] [debug] [aws_credentials] Requesting credentials from the env provider.. [2024/08/30 19:13:50] [ warn] [engine] service will shutdown in max 5 seconds [2024/08/30 19:13:50] [ info] [input] pausing tail.0 [2024/08/30 19:13:50] [debug] [upstream] KA connection #49 to hostname.cloud-preprod.example.com:8443 is now available [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] PutRecords http status=200 [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] Sent events to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:50] [debug] [output:kinesis_streams:kinesis_streams.0] Processed 8 records, sent 8 to /pre-prod/audit-trails-input/topics/data-plane/k8s [2024/08/30 19:13:50] [debug] [out flush] cb_destroy coro_id=15 [2024/08/30 19:13:50] [debug] [task] destroy task=0x7fdc5603bc80 (task_id=0) [2024/08/30 19:13:50] [ info] [engine] service has stopped (0 pending tasks) [2024/08/30 19:13:50] [ info] [input] pausing tail.0 [2024/08/30 19:13:50] [ info] [output:kinesis_streams:kinesis_streams.0] thread worker #0 stopping... [2024/08/30 19:13:50] [ info] [output:kinesis_streams:kinesis_streams.0] thread worker #0 stopped [2024/08/30 19:13:50] [debug] [input:tail:tail.0] inode=131074 removing file name /var/log/kubernetes/audit/audit.log [2024/08/30 19:13:50] [ info] [input:tail:tail.0] inotify_fs_remove(): inode=131074 watch_fd=1