The KES server produces two different kinds of logs.
- Error logs
- Audit logs
The KES server writes an error log event whenever it encounters an unexpected error. For example, when it detects corrupted backend data.
2022/02/18 17:19:47 http: failed to reload certificate "/etc/kes/public.crt": permission denied
The only exception is unexpected errors at the the metrics API endpoint. Otherwise, querying the KES server metrics would change the metrics.
The KES server also produces an audit log stream. The audit log contains one log entry for each server API operation.
The KES server can write error log events to
STDERR and audit log events to
By default, the KES server writes error events to
STDERR but does not write audit events to
This behavior can be changed in the KES server configuration file.
The KES CLI can subscribe to the server log API and pretty-print the log events:
Logs by API
KES exposes error and audit logs as part of its API.
KES clients can connect to the error or audit log stream and obtain new log events remotely via the
kes log command.