Since we switched to the new log timestamp format, swift-drive-audit is not able to parse kern logs anymore since legacy format is hardcoded in script.
So in order to allow kern.log to be pushed to Elastic stack & having swift-drive-audit happy we copy the logs from /var/log/kern.log to /var/log/kern-legacy.log applying legacy timestamp.
Legacy format :
May 10 14:03:45 od-2fc876 swfit-drive-audit: messageISO8601 timestamp
2021-05-10T14:03:45.311769+02:00 od-2fc876 swfit-drive-audit: messagescope : swiftstores & swiftproxies