Audit log study

I'm really not sure what is unclear from the answers above. I will restate that:

  • the audit logging is not configured in log4j2.properties.
  • the audit logging is configured in elasticsearch.yml.
  • we have detailed documentation on how to control what gets written in the audit log, but you need to read the documentation. I have linked to it.

I have shared the link to our documentation that describes everything and answers your questions 2 times already in the posts above. Once more: Auditing Security Events | X-Pack for the Elastic Stack [6.2] | Elastic

There is no "VERBOSE" or "DEBUG" or "TRACE" level audit logging if that's what you want. This is not how you control the audit logs, please read the docs.

1 Like