Is there a way to log all dropped verdict by policy deny?

[smeeklai]

Hi

I'd like to log the traffic that got dropped by policy deny. Similar information to when I run hubble observe --verdict DROPPED. Ultimately I'd like to create an alert and/or a dashboard on those information.

[gandro]

Hi, you might be interested in the Hubble metrics collected by Cilium Agent: https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics

In particular, if you filter the reason label on the drop_total metric, you should get the total number of policy drops.

[smeeklai]

Hi. Right, that's the way to get the total number but I'm looking for something like a structured log like this one where I can find it in a pod or something.