Audit logging configuration via elasticsearch.yml

Hi,
I recently started to configure the amount of logging and figured out how to do it in log4j2.properties, like the basic example below for testing:

    ######## Server JSON ############################ 
    appender.rolling.type = RollingFile 
    appender.rolling.name = rolling 
    appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json 
    appender.rolling.layout.type = ESJsonLayout 
    appender.rolling.layout.type_name = server 
     
    appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz 
    appender.rolling.policies.type = Policies 
    appender.rolling.policies.time.type = TimeBasedTriggeringPolicy 
    appender.rolling.policies.time.interval = 1 
    appender.rolling.policies.time.modulate = true 
    appender.rolling.policies.size.type = SizeBasedTriggeringPolicy 
    appender.rolling.policies.size.size = 100KB 
    appender.rolling.strategy.type = DefaultRolloverStrategy 
    appender.rolling.strategy.fileIndex = nomax 
    appender.rolling.strategy.action.type = Delete 
    appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} 
    appender.rolling.strategy.action.condition.type = IfFileName 
    appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* 
    appender.rolling.strategy.action.condition.nested_condition.type = IfAny 
    appender.rolling.strategy.action.condition.nested_condition.IfLastModified.type = IfLastModified 
    appender.rolling.strategy.action.condition.nested_condition.IfLastModified.age = 5m 
    appender.rolling.strategy.action.condition.nested_condition.IfAccumulatedFileCount.type = IfAccumulatedFileCount 
    appender.rolling.strategy.action.condition.nested_condition.IfAccumulatedFileCount.exceeds = 3

However, I found out that audit logging needs to be configured via elasticsearch.yml once these are enabled:

    xpack.security.enabled: true
    xpack.security.audit.enabled: true

https://discuss.elastic.co/t/audit-log-study/167613/8

How can audit logging be configured in a manner like the one presented above, via the log4j2 configuration?

Regards

Any hint on audit logging config would be appreciated.
