Audit hostname?

(Willemdh) #1


Just enabled auditing and noticed in the .security-audit index that the node_host_name is always the ip address of the node. Not sure, but isn't this supposed to be the hostname of the node? the node_name also seems to be empty?

In /etc/elasticsearch/elasticsearch.yml I have defined: ${HOSTNAME}

and true [ index, logfile ] index: number_of_shards: 1 number_of_replicas: 1

The .monitoring indexes do seem to list the hostname in field.

Am I missing something?



(Jay Modi) #2

HI @willemdh,

Sorry for the delay in response. What version are you seeing this on? Any more details about your setup would be much appreciated.


(Willemdh) #3

Np, well in the meantime we reinstalled the system and I'm not yet to the auditing part. I'll update this post once I've configured auditing.



(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.