diff --git a/content/en/docs/tasks/debug-application-cluster/audit.md b/content/en/docs/tasks/debug-application-cluster/audit.md index 1f05e076a1..54bf093a14 100644 --- a/content/en/docs/tasks/debug-application-cluster/audit.md +++ b/content/en/docs/tasks/debug-application-cluster/audit.md @@ -191,6 +191,17 @@ and in the logs to monitor the state of the auditing subsystem. - `apiserver_audit_error_total` metric contains the total number of events dropped due to an error during exporting. +### Truncate + +Both log and webhook backends support batching. As an example, the following is the list of flags +available for the log backend: + + - `audit-log-truncate-enabled` whether event and batch truncating is enabled. + - `audit-log-truncate-max-batch-size` maximum size in bytes of the batch sent to the underlying backend. + - `audit-log-truncate-max-event-size` maximum size in bytes of the audit event sent to the underlying backend. + +By default truncate is disabled in both `webhook` and `log`, a cluster administrator should set `audit-log-truncate-enabled` or `audit-webhook-truncate-enabled` to enable the feature. + ## Multi-cluster setup If you're extending the Kubernetes API with the [aggregation layer][kube-aggregator], you can also