Hi,
I recently started to configure the amount of logging and figured out how to do it in log4j2.properties, as in the basic example below for testing:
######## Server JSON ############################
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
appender.rolling.layout.type = ESJsonLayout
appender.rolling.layout.type_name = server
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 100KB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfAny
appender.rolling.strategy.action.condition.nested_condition.IfLastModified.type = IfLastModified
appender.rolling.strategy.action.condition.nested_condition.IfLastModified.age = 5m
appender.rolling.strategy.action.condition.nested_condition.IfAccumulatedFileCount.type = IfAccumulatedFileCount
appender.rolling.strategy.action.condition.nested_condition.IfAccumulatedFileCount.exceeds = 3
However, I found out that audit logging needs to be configured via elasticsearch.yml once these are enabled:
xpack.security.enabled: true
xpack.security.audit.enabled: true
https://discuss.elastic.co/t/audit-log-study/167613/8
How can audit logging be configured in a manner like the one presented above, via log4j2 configuration?
Regards