Audit hostname?


Just enabled auditing and noticed in the .security-audit index that the node_host_name is always the IP address of the node. Not sure, but isn't this supposed to be the hostname of the node? The node_name also seems to be empty?

In /etc/elasticsearch/elasticsearch.yml I have defined: ${HOSTNAME}

and true [ index, logfile ] index: number_of_shards: 1 number_of_replicas: 1

The .monitoring indexes do seem to list the hostname in field.

Am I missing something?



Hi @willemdh,

Sorry for the delay in response. What version are you seeing this on? Any more details about your setup would be much appreciated.


Np, well in the meantime we reinstalled the system and I'm not yet to the auditing part. I'll update this post once I've configured auditing.


