Audit hostname?


(Willemdh) #1

Hello,

Just enabled auditing and noticed in the .security-audit index that the node_host_name is always the IP address of the node. Not sure, but isn't this supposed to be the hostname of the node? The node_name also seems to be empty?

In /etc/elasticsearch/elasticsearch.yml I have defined:

node.name: ${HOSTNAME}

and

xpack.security.audit.enabled: true
xpack.security.audit.outputs: [ index, logfile ]
xpack.security.audit.index.settings:
  index:
    number_of_shards: 1
    number_of_replicas: 1

The .monitoring indexes do seem to list the hostname in the source_node.name field.

Am I missing something?

Grtz

Willem


(Jay Modi) #2

Hi @willemdh,

Sorry for the delay in response. What version are you seeing this on? Any more details about your setup would be much appreciated.

Jay


(Willemdh) #3

Np, well, in the meantime we reinstalled the system and I'm not yet at the auditing part. I'll update this post once I've configured auditing.

Grtz

Willem

