Hello,
I'm using Elasticsearch by docker-compose. I've set xpack.security.audit.enabled to true, but there is no audit log in the logs folder, but there are gc.log.* files.
Elastic configuration in my docker-compose file is:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
ports:
- "9200:9200"
depends_on:
- fluentd
environment:
- 'ES_JAVA_OPTS=-Xms2g -Xmx2g'
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- es-data:/usr/share/elasticsearch/data
- ./elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./elasticsearch/log:/usr/share/elasticsearch/logs
My Elasticsearch.yml is:
# ------------------------------------ Node ------------------------
#
# Use a descriptive name for the node:
#
node.name: sd-log1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------
#
# Path to directory where to store the data (separate multiple locat
#
#path.data: /usr/share/elasticsearch/data
#/var/lib/elasticsearch
#
# Path to log files:
#
#path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------
#
# Lock the memory on startup:
#
bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory avail
# on the system and that the owner of the process is allowed to use
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memo
#
# ---------------------------------- Network -----------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.host: 0.0.0.0
transport.host: 0.0.0.0
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------
#
# Pass an initial list of hosts to perform discovery when this node
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.type: single-node
#
# Bootstrap the cluster using an initial set of master-eligible node
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation
#
# ---------------------------------- Gateway -----------------------
#
# Block initial recovery after a full cluster restart until N nodes
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.audit.enabled: true
My elastic service works smoothly, but I couldn't get any log file for the audit logs. How can I get these logs?
Thank you.