Audit hostname?

Hello,

Just enabled auditing and noticed in the .security-audit index that the node_host_name is always the IP address of the node. Not sure, but isn't this supposed to be the hostname of the node? The node_name also seems to be empty?

In /etc/elasticsearch/elasticsearch.yml I have defined:

node.name: ${HOSTNAME}

and

xpack.security.audit.enabled: true
xpack.security.audit.outputs: [ index, logfile ]
xpack.security.audit.index.settings:
  index:
    number_of_shards: 1
    number_of_replicas: 1

The .monitoring indexes do seem to list the hostname in source_node.name field.

Am I missing something?

Grtz

Willem

Hi @willemdh,

Sorry for the delay in response. What version are you seeing this on? Any more details about your setup would be much appreciated.

Jay

Np, well in the meantime we reinstalled the system and I'm not yet to the auditing part. I'll update this post once I've configured auditing.

Grtz

Willem
