Audit log file does not appear in the node

In my Elasticsearch cluster (version 7.6.2 - installed using the resource) I have set to true under my nodeSets:

GET /_xpack/usage
    "audit" : {
      "outputs" : [
      "enabled" : true

but no <clustername>_audit.json is created under ES_HOME/logs.

However in my ES_HOME/config/ file I see: =
logger.xpack_security_audit_logfile.level = info
logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling
logger.xpack_security_audit_logfile.additivity = false
appender.audit_rolling.type = Console = audit_rolling

Is the audit_rolling.type correct? Do I need any extra configuration?
Thank you.

Audit logging is a Gold license and above feature, so make sure you have the correct license level.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.