Elasticsearch 6.2.3,
I am doing a study on the audit log (<clustername>_access.log) and what details are registered when an action is done.
I don't see any difference in the access or syslog logs when I change the log level of audits to debug (in ES_HOME/config/x-pack/log4j2.properties) from log level info.
Elasticsearch 6.2.3
There are 2 log4j2.properties files. 1 in config folder and another in config/xpack.
The log4j2.properties file in ES_HOME/config/x-pack contains details about the audit logging and access log rolling.
and the file contains the above details.
I tried to change logger.xpack_security_audit_logfile.level = info -> debug to check how the output in access.log varies from info level.
NOW,
May I know the purpose of this file?
Should I do these changes in ES_HOME/config/log4j2.properties?
Or where to change the audit log setting from level info to debug?
There is no "VERBOSE" or "DEBUG" or "TRACE" level audit logging if that's what you want. This is not how you control the audit logs, please read the docs.