AKS - Action Log

Thanks for the reply. Yes I was referring to namespaceSelector, and this was the discussion about AKS using an old version.

I was able to gain SSH access to the node and discovered that it was writing to /var/log/syslog.1, so I modified the deployment and now see the calico-packet logs. Does anyone know of any documentation for the syslog fields? It doesn’t appear to have a field for allow or deny in the log. I can guess most of the fields; it's just that my security team is going to care more about whether it was an allow or a deny. These will eventually make it to a Log Analytics workspace and then to Splunk for searching.

Dec 22 18:26:49 nodename kernel: [686879.577344] calico-packet: IN=eth0 OUT=azv204d22f3118 MAC=00:22:48:44:62:15:c0:d6:82:94:e6:49:08:00 SRC=172.16.208.33 DST=172.16.208.28 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=25858 DF PROTO=TCP SPT=33374 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0

Thanks for any help
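
Added example, not part of the original post: a parser for the sample line above, assuming it is in the Linux netfilter LOG target's KEY=value format, which its fields match. The function and constant names are hypothetical; it separates keyed fields from bare flags such as DF and SYN and splits the MAC field into destination MAC, source MAC and EtherType, which is the layout the kernel uses for that field.

```python
import re

# Sample line copied from the post above.
SAMPLE = ("Dec 22 18:26:49 nodename kernel: [686879.577344] calico-packet: "
          "IN=eth0 OUT=azv204d22f3118 MAC=00:22:48:44:62:15:c0:d6:82:94:e6:49:08:00 "
          "SRC=172.16.208.33 DST=172.16.208.28 LEN=60 TOS=0x00 PREC=0x00 TTL=62 "
          "ID=25858 DF PROTO=TCP SPT=33374 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0")

# Syslog header, kernel uptime stamp, log prefix, then the packet fields.
HEADER = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>[\d.]+)\] (?P<prefix>[^:]+): (?P<body>.*)$")

# Keys whose values are decimal integers in this format.
INT_KEYS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}


def parse_packet_line(line):
    """Return a dict for one packet log line, or None if it does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = {k: m.group(k) for k in ("timestamp", "host", "uptime", "prefix")}
    fields, flags = {}, []
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if sep:
            # Keyed field; an empty value (e.g. "OUT=") is kept as "".
            is_int = key in INT_KEYS and value.isdigit()
            fields[key] = int(value) if is_int else value
        else:
            # Bare token: an IP or TCP flag such as DF or SYN.
            flags.append(token)
    # MAC= is the raw Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes type.
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:])
    rec["fields"] = fields
    rec["flags"] = flags
    return rec


if __name__ == "__main__":
    for key, value in parse_packet_line(SAMPLE).items():
        print(key, "=", value)
```

Run against the sample, the parsed keys are only the ones visible in the line, so any allow/deny value for the Splunk search would have to come from somewhere other than these fields.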