I'm really not sure what is unclear from the answers above. I will restate that:
- the audit logging is not configured in `log4j2.properties`.
- the audit logging is configured in `elasticsearch.yml`.
- we have detailed documentation on how to control what gets written in the audit log, but you need to read the documentation. I have linked to it.
I have shared the link to our documentation that describes everything and answers your questions 2 times already in the posts above. Once more: Auditing Security Events | X-Pack for the Elastic Stack [6.2] | Elastic
There is no "VERBOSE" or "DEBUG" or "TRACE" level audit logging, if that's what you want. This is not how you control the audit logs; please read the docs.