Audit file is empty

Andex · November 18, 2020, 3:35pm

Hi, i enabled Audit on all my elasticsearch.yml :

xpack.security.audit.enabled: true

I have already enabled https and transport inside my cluster.

I don't know why my _audit.json file is empty . The owner - group to the file is elasticsearch:elasticsearch

Help thanks

warkolm · November 18, 2020, 9:44pm

Audit logging is a Gold and above license feature - https://www.elastic.co/subscriptions

What license level do you have?

Andex · November 19, 2020, 8:42am

Platinum license

warkolm · November 19, 2020, 8:49am

You can reach out to your support engineer then, they will be able to help you.

Andex · November 19, 2020, 8:56am

eemh, i'm the engineer, i tried several ways but the file is not populated, i don't know how to fix

dadoonet · November 19, 2020, 11:20am

Mark meant the elastic support.

system · December 17, 2020, 11:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No audit log file in /usr/share/elasticsearch/logs directory when I opend the audit log configuration Elasticsearch	1	362	January 7, 2022
Audit logging doesn't work for Elasticsearch Elasticsearch	2	615	July 13, 2020
Audit log file does not appear in the node Elasticsearch	2	524	September 28, 2020
Audit logging in elasticsearch Elasticsearch	7	467	July 23, 2020
ELK 7.3 Elasticsearch	4	393	April 9, 2020