Environment


Aqua CSP (all versions where the Journal integration is available)

Linux systems where journalctl is available. 

The deployment steps below cover only two use cases: docker-compose and Kubernetes.

 

Solution


For the integration to send the relevant log streams (aquasec) to journalctl, two directories must be added as volumes in the Aqua Server and Aqua Gateway deployment files:


 
/dev/shm (location of the journal database)
/var/run (location of the journal socket)

 

Deployment Steps


- docker-compose [1]


    volumes:
      - /dev/shm:/dev/shm
      - /var/run:/var/run


- Kubernetes [2]


        volumeMounts:
        - mountPath: /dev/shm
          name: journal-db
        - mountPath: /var/run
          name: journal-socket
      volumes:
      - name: journal-db
        hostPath:
          path: /dev/shm
      - name: journal-socket
        hostPath:
          path: /var/run/
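
To confirm that both directories are mounted from the host in a running workload, the check below inspects the JSON from `kubectl get pod <name> -o json` or `docker inspect <container>`. It is an added example, not part of the original article or Aqua's own code; the container name `aqua-gateway` and the sample data are constructed for illustration.

```python
import posixpath

# Directories the article says must be shared with the host.
REQUIRED = ("/dev/shm", "/var/run")

def _norm(path):
    # "/var/run/" and "/var/run" name the same directory.
    return posixpath.normpath(path) if path else None

def missing_in_pod(pod, container):
    """Required dirs not hostPath-mounted at the same path in `container`.
    `pod` is shaped like `kubectl get pod <name> -o json` output."""
    spec = pod["spec"]
    host_paths = {v["name"]: _norm((v.get("hostPath") or {}).get("path"))
                  for v in spec.get("volumes", [])}
    mounted = set()
    for c in spec["containers"]:
        if c["name"] != container:
            continue
        for m in c.get("volumeMounts", []):
            if host_paths.get(m["name"]) == _norm(m["mountPath"]):
                mounted.add(_norm(m["mountPath"]))
    return [d for d in REQUIRED if d not in mounted]

def missing_in_docker(entry):
    """Same check for one element of `docker inspect <container>` output.
    Assumes Source is reported as written in the compose file."""
    mounted = {_norm(m["Destination"]) for m in entry.get("Mounts", [])
               if m.get("Type") == "bind"
               and _norm(m.get("Source")) == _norm(m["Destination"])}
    return [d for d in REQUIRED if d not in mounted]

# Constructed sample: journal-db is an emptyDir, so /dev/shm is not the host's.
SAMPLE_POD = {"spec": {
    "containers": [{"name": "aqua-gateway", "volumeMounts": [
        {"name": "journal-db", "mountPath": "/dev/shm"},
        {"name": "journal-socket", "mountPath": "/var/run"}]}],
    "volumes": [
        {"name": "journal-db", "emptyDir": {}},
        {"name": "journal-socket", "hostPath": {"path": "/var/run/"}}]}}

# Constructed sample: only the socket directory is bind-mounted.
SAMPLE_DOCKER = {"Mounts": [
    {"Type": "bind", "Source": "/var/run", "Destination": "/var/run"}]}

if __name__ == "__main__":
    print("pod missing:", missing_in_pod(SAMPLE_POD, "aqua-gateway"))
    print("docker missing:", missing_in_docker(SAMPLE_DOCKER))
```

An empty list means both directories come from the host; any path returned still needs a host mount in the deployment file.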


 

Related information


[1] https://docs.docker.com/compose/compose-file/#volumes

[2] https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/