{"id":2871,"date":"2025-06-26T05:27:29","date_gmt":"2025-06-26T02:27:29","guid":{"rendered":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/"},"modified":"2025-06-26T05:27:29","modified_gmt":"2025-06-26T02:27:29","slug":"best-practices-for-forwarding-kubernetes-logs-to-siem-solutions","status":"publish","type":"post","link":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/","title":{"rendered":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions"},"content":{"rendered":"<p><br \/>\n<\/p>\n<p>As organizations increasingly shift towards cloud-native architectures, managing logs effectively becomes paramount for security, compliance, and operational insights. For teams leveraging Kubernetes, seamlessly integrating logs with Security Information and Event Management (SIEM) solutions is crucial. This article outlines best practices for forwarding Kubernetes logs to SIEM systems, ensuring enhanced observability and security posture.<\/p>\n<p><\/p>\n<h2>1. <strong>Understand Your Logging Requirements<\/strong><\/h2>\n<p><\/p>\n<p>Before diving into log forwarding, it\u2019s vital to understand what you need to log. Different applications may have varying logging needs. Categories of logs include:<\/p>\n<p><\/p>\n<ul><\/p>\n<li><strong>Container Logs<\/strong>: Output from the application running in the container.<\/li>\n<p><\/p>\n<li><strong>Kubernetes System Logs<\/strong>: Logs generated by Kubernetes components, such as kubelet, API server, etc.<\/li>\n<p><\/p>\n<li><strong>Audit Logs<\/strong>: Logs that track user activities and system changes.<\/li>\n<p>\n<\/ul>\n<p><\/p>\n<p>Identify the minimum required logs for your compliance and security needs to avoid excessive data ingestion.<\/p>\n<p><\/p>\n<h2>2. 
<strong>Choose the Right Logging Solution<\/strong><\/h2>\n<p><\/p>\n<p>Select a log collection and forwarding solution that fits your architecture. Popular solutions include:<\/p>\n<p><\/p>\n<ul><\/p>\n<li><strong>Fluentd\/Fluent Bit<\/strong>: Open-source data collectors that offer flexibility and plugin support.<\/li>\n<p><\/p>\n<li><strong>Logstash<\/strong>: Part of the ELK (Elasticsearch, Logstash, Kibana) stack, ideal for complex transformations.<\/li>\n<p><\/p>\n<li><strong>Promtail<\/strong>: Works with Loki for aggregating and visualizing logs.<\/li>\n<p>\n<\/ul>\n<p><\/p>\n<p>When choosing a solution, consider factors like ease of integration, scalability, and community support.<\/p>\n<p><\/p>\n<h2>3. <strong>Decouple Logs Using Labels and Annotations<\/strong><\/h2>\n<p><\/p>\n<p>Kubernetes provides rich metadata through labels and annotations. Use these to tag logs from different applications and environments. This practice allows your SIEM solution to filter and analyze logs effectively, improving incident response and monitoring.<\/p>\n<p><\/p>\n<p>Example:<\/p>\n<pre><code class=\"language-yaml\">apiVersion: v1\nkind: Pod\nmetadata:\n  name: my-app\n  labels:\n    app: my-app\n    env: production\n  annotations:\n    logging: &quot;enabled&quot;\n<\/code><\/pre>\n<p><\/p>\n<h2>4. <strong>Centralize Log Management<\/strong><\/h2>\n<p><\/p>\n<p>Centralizing log management simplifies your architecture, allowing easier access and analysis. Use an aggregation tool to collect logs from all nodes and services before sending them to your SIEM. 
This can be achieved through sidecar containers, DaemonSets, or agents deployed on each node.<\/p>\n<p><\/p>\n<h3>Example:<\/h3>\n<p><\/p>\n<p>A DaemonSet ensures that a logging agent runs on every node, capturing logs as they are produced.<\/p>\n<p><\/p>\n<pre><code class=\"language-yaml\">apiVersion: apps\/v1\nkind: DaemonSet\nmetadata:\n  name: fluentd\nspec:\n  selector:\n    matchLabels:\n      app: fluentd\n  template:\n    metadata:\n      labels:\n        app: fluentd\n    spec:\n      containers:\n        - name: fluentd\n          image: fluent\/fluentd-kubernetes-daemonset:latest\n          env:\n            - name: FLUENT_ELASTICSEARCH_HOST\n              value: &quot;your-siem-server&quot;\n          volumeMounts:\n            - name: varlog\n              mountPath: \/var\/log\n            - name: varlibdockercontainers\n              mountPath: \/var\/lib\/docker\/containers\n              readOnly: true\n      volumes:\n        - name: varlog\n          hostPath:\n            path: \/var\/log\n        - name: varlibdockercontainers\n          hostPath:\n            path: \/var\/lib\/docker\/containers\n<\/code><\/pre>\n<p><\/p>\n<h2>5. <strong>Implement Log Rotation and Retention Policies<\/strong><\/h2>\n<p><\/p>\n<p>Kubernetes environments can generate large volumes of logs quickly. It\u2019s essential to implement log rotation and retention policies to manage storage effectively and control costs. Define how long to retain logs based on regulatory requirements and organizational policies.<\/p>\n<p><\/p>\n<h2>6. <strong>Secure Log Data in Transit and At Rest<\/strong><\/h2>\n<p><\/p>\n<p>Security should be a top priority when handling logs. Ensure that logs are encrypted in transit using TLS and at rest in your SIEM solution. Implement access controls to limit who can view and manage logs to guard against unauthorized access.<\/p>\n<p><\/p>\n<h2>7. 
<strong>Monitor and Alert on Log Data<\/strong><\/h2>\n<p><\/p>\n<p>Leverage the SIEM solution\u2019s capabilities to set up alerts based on log data. This ensures you\u2019re notified of suspicious activities or anomalies in real-time. Create alerting rules based on predefined thresholds, such as spikes in error rates or failed login attempts.<\/p>\n<p><\/p>\n<h2>8. <strong>Regularly Review and Audit Logging Practices<\/strong><\/h2>\n<p><\/p>\n<p>Make it a practice to regularly review your logging setup, including which logs are collected, filtering policies, and data retention strategies. An annual audit helps ensure your logging practices align with compliance requirements and organizational goals.<\/p>\n<p><\/p>\n<h2>Conclusion<\/h2>\n<p><\/p>\n<p>Forwarding logs from Kubernetes to SIEM solutions is a vital aspect of modern cloud-native security and observability practices. By following these best practices\u2014understanding logging requirements, choosing the right solutions, centralizing management, securing data, and regularly reviewing your logging strategy\u2014you can enhance your organization\u2019s capability to respond to threats and manage operational health effectively. Embrace these practices as part of your Kubernetes journey, and bolster your incident response and monitoring processes.<\/p>\n<p><\/p>\n<hr \/>\n<p><\/p>\n<p>For further updates and insights on cloud technology and Kubernetes best practices, stay tuned to WafaTech Blogs!<\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>As organizations increasingly shift towards cloud-native architectures, managing logs effectively becomes paramount for security, compliance, and operational insights. For teams leveraging Kubernetes, seamlessly integrating logs with Security Information and Event Management (SIEM) solutions is crucial. This article outlines best practices for forwarding Kubernetes logs to SIEM systems, ensuring enhanced observability and security posture. 1. 
Understand [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2872,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[213],"tags":[609,217,418,237,708,400],"class_list":["post-2871","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes","tag-forwarding","tag-kubernetes","tag-logs","tag-practices","tag-siem","tag-solutions","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Best Practices for Forwarding Kubernetes Logs to SIEM Solutions - WafaTech Blogs<\/title>\n<meta name=\"description\" content=\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions\" \/>\n<meta property=\"og:description\" content=\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/\" \/>\n<meta property=\"og:site_name\" content=\"WafaTech Blogs\" \/>\n<meta property=\"article:publisher\" 
content=\"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-26T02:27:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2221\" \/>\n\t<meta property=\"og:image:height\" content=\"482\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"WafaTech SA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:site\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WafaTech SA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/\"},\"author\":{\"name\":\"WafaTech SA\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\"},\"headline\":\"Best Practices for Forwarding Kubernetes Logs to SIEM 
Solutions\",\"datePublished\":\"2025-06-26T02:27:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/\"},\"wordCount\":677,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png\",\"keywords\":[\"Forwarding\",\"Kubernetes\",\"Logs\",\"Practices\",\"SIEM\",\"Solutions\"],\"articleSection\":[\"Kubernetes\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/\",\"name\":\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions - WafaTech 
Blogs\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png\",\"datePublished\":\"2025-06-26T02:27:29+00:00\",\"description\":\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png\",\"width\":1024,\"height\":1024,\"caption\":\"Forwarding Logs to 
SIEM\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/devops\\\/kubernetes\\\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"name\":\"WafaTech Blogs\",\"description\":\"Smart Technologies\",\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"alternateName\":\"WafaTech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\",\"name\":\"WafaTech Blogs\",\"alternateName\":\"WafaTech\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"width\":2221,\"height\":482,\"caption\":\"WafaTech 
Blogs\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/WafaTech\\\/61560546351289\\\/\",\"https:\\\/\\\/x.com\\\/wafatech_sa\",\"https:\\\/\\\/www.youtube.com\\\/@wafatech-sa\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wafatech\\\/\"],\"description\":\"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.\",\"email\":\"sales@wafatech.sa\",\"legalName\":\"Al-Wafa Al-Dhakia For Information Technology LLC\",\"foundingDate\":\"2013-01-08\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\",\"name\":\"WafaTech SA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"caption\":\"WafaTech SA\"},\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/author\\\/omer-yaseen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions - WafaTech Blogs","description":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/","og_locale":"en_US","og_type":"article","og_title":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions","og_description":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %","og_url":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/","og_site_name":"WafaTech Blogs","article_publisher":"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","article_published_time":"2025-06-26T02:27:29+00:00","og_image":[{"width":2221,"height":482,"url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","type":"image\/webp"}],"author":"WafaTech SA","twitter_card":"summary_large_image","twitter_creator":"@wafatech_sa","twitter_site":"@wafatech_sa","twitter_misc":{"Written by":"WafaTech SA","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#article","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/"},"author":{"name":"WafaTech SA","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06"},"headline":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions","datePublished":"2025-06-26T02:27:29+00:00","mainEntityOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/"},"wordCount":677,"commentCount":0,"publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/06\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png","keywords":["Forwarding","Kubernetes","Logs","Practices","SIEM","Solutions"],"articleSection":["Kubernetes"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/","url":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/","name":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions - WafaTech 
Blogs","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#primaryimage"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/06\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png","datePublished":"2025-06-26T02:27:29+00:00","description":"Best Practices for Forwarding Kubernetes Logs to SIEM Solutions %","breadcrumb":{"@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#primaryimage","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/06\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/06\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png","width":1024,"height":1024,"caption":"Forwarding Logs to SIEM"},{"@type":"BreadcrumbList","@id":"https:\/\/wafatech.sa\/blog\/devops\/kubernetes\/best-practices-for-forwarding-kubernetes-logs-to-siem-solutions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wafatech.sa\/blog\/"},{"@type":"ListItem","position":2,"name":"Best Practices for Forwarding Kubernetes Logs to SIEM 
Solutions"}]},{"@type":"WebSite","@id":"https:\/\/wafatech.sa\/blog\/#website","url":"https:\/\/wafatech.sa\/blog\/","name":"WafaTech Blogs","description":"Smart Technologies","publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"alternateName":"WafaTech","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wafatech.sa\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wafatech.sa\/blog\/#organization","name":"WafaTech Blogs","alternateName":"WafaTech","url":"https:\/\/wafatech.sa\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","width":2221,"height":482,"caption":"WafaTech Blogs"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","https:\/\/x.com\/wafatech_sa","https:\/\/www.youtube.com\/@wafatech-sa","https:\/\/www.linkedin.com\/company\/wafatech\/"],"description":"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. 
Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.","email":"sales@wafatech.sa","legalName":"Al-Wafa Al-Dhakia For Information Technology LLC","foundingDate":"2013-01-08","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06","name":"WafaTech SA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","caption":"WafaTech SA"},"url":"https:\/\/wafatech.sa\/blog\/author\/omer-yaseen\/"}]}},"jetpack_featured_media_url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/06\/Best-Practices-for-Forwarding-Kubernetes-Logs-to-SIEM-Solutions.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/comments?post=2871"}],"version-history":[{"count":0,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2871\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media\/2872"}],"wp:attachment":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media?parent=2871"}],"wp:term":[{"taxonomy":"cate
gory","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/categories?post=2871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/tags?post=2871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}