Audit file is empty

Andex · November 18, 2020, 3:35pm

Hi, i enabled Audit on all my elasticsearch.yml :

xpack.security.audit.enabled: true

I have already enabled https and transport inside my cluster.

I don't know why my _audit.json file is empty . The owner - group to the file is elasticsearch:elasticsearch

Help thanks

warkolm · November 18, 2020, 9:44pm

Audit logging is a Gold and above license feature - https://www.elastic.co/subscriptions

What license level do you have?

Andex · November 19, 2020, 8:42am

Platinum license

warkolm · November 19, 2020, 8:49am

You can reach out to your support engineer then, they will be able to help you.

Andex · November 19, 2020, 8:56am

eemh, i'm the engineer, i tried several ways but the file is not populated, i don't know how to fix

dadoonet · November 19, 2020, 11:20am

Mark meant the elastic support.

system · December 17, 2020, 11:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No audit log file in /usr/share/elasticsearch/logs directory when I opend the audit log configuration Elasticsearch	1	322	January 7, 2022
Audit log file does not appear in the node Elasticsearch	2	473	September 28, 2020
Audit Logs not showing Elasticsearch	1	400	March 30, 2020
Issues with Audit Log Elasticsearch	8	1225	January 4, 2018
Audit logs on ES 7.16.3 Elasticsearch elastic-stack-security	3	422	March 14, 2022