In my Elasticsearch cluster (version 7.6.2 - installed using the elasticsearch.k8s.elastic.co/v1 resource) I have set xpack.security.audit.enabled to true under my nodeSets:
GET /_xpack/usage
...
"audit" : {
"outputs" : [
"logfile"
],
"enabled" : true
},
...
but no <clustername>_audit.json is created under ES_HOME/logs.
However in my ES_HOME/config/log4j2.properties file I see:
logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail
logger.xpack_security_audit_logfile.level = info
logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling
logger.xpack_security_audit_logfile.additivity = false
appender.audit_rolling.type = Console
appender.audit_rolling.name = audit_rolling
Is the audit_rolling.type correct? Do I need any extra configuration?
Thank you.
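An added example, not part of the original post: a check that resolves which Log4j 2 appender the audit logger in a log4j2.properties file is attached to, and whether that appender is file-backed (a Console appender writes to the process's standard output, not to a file). The function names are hypothetical and the sample input is constructed from the lines quoted above.

```python
import re

# Constructed sample input: the log4j2.properties lines quoted in the post.
SAMPLE = """\
logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail
logger.xpack_security_audit_logfile.level = info
logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling
logger.xpack_security_audit_logfile.additivity = false
appender.audit_rolling.type = Console
appender.audit_rolling.name = audit_rolling
"""

AUDIT_LOGGER = "org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail"
# Log4j 2 appender types that write to a file on disk.
FILE_TYPES = {"File", "RollingFile", "RandomAccessFile", "RollingRandomAccessFile"}


def parse_properties(text):
    """Parse key = value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props


def audit_destinations(text):
    """Return (appender name, type, fileName or None) for each audit appender."""
    props = parse_properties(text)
    # Appender ids in the property keys need not equal the appender's name.
    by_name = {v: k.split(".")[1] for k, v in props.items()
               if re.fullmatch(r"appender\.[^.]+\.name", k)}
    found = []
    for key, value in props.items():
        m = re.fullmatch(r"logger\.([^.]+)\.name", key)
        if not m or value != AUDIT_LOGGER:
            continue
        ref_key = re.compile(rf"logger\.{re.escape(m.group(1))}\.appenderRef\.[^.]+\.ref")
        for k, ref in props.items():
            if ref_key.fullmatch(k) and ref in by_name:
                aid = by_name[ref]
                found.append((ref, props.get(f"appender.{aid}.type"),
                              props.get(f"appender.{aid}.fileName")))
    return found


def writes_to_file(text):
    """True if any appender attached to the audit logger is file-backed."""
    return any(t in FILE_TYPES for _, t, _ in audit_destinations(text))


if __name__ == "__main__":
    print(audit_destinations(SAMPLE), writes_to_file(SAMPLE))
```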