I have two questions I was hoping someone could answer.
Question 1: I am using an elastic cloud deployment running ES 7.17.5. I know how to enable audit logging and ship those logs to my monitoring deployment. I noticed however that this does not use the fully ECS compatible fields. If I was on a standalone cluster I would add an xpack.security.audit.appender to the config, but cloud does not seem to allow this option. How can I enable this in cloud?
Question 2: I have two wholly separate cloud instances, one for monitoring and one that is the production environment. These are NOT under the same cloud account. I would like to ship the production environment cluster's logs and metrics to my monitoring environment. Is this possible?
@lreger For Question 1, it's not the most straightforward, but the docs mention:
xpack.security.audit.appender.type
When set to "rolling-file" and xpack.security.audit.enabled is set to true, Kibana ECS audit logs are enabled. Beginning with version 8.0, this setting is no longer necessary for ECS audit log output; it’s only necessary to set xpack.security.audit.enabled to true
You stated:
If I was on a standalone cluster I would add an xpack.security.audit.appender to the config, but cloud does not seem to allow this option. How can I enable this in cloud?
Did you get an error message when attempting to configure xpack.security.audit.appender.type?
For Question 2: I don't believe this is supported at this time.
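For reference, here is what the 7.x Kibana audit appender configuration that the reply refers to looks like in kibana.yml on a self-managed node, as an added example rather than anything posted in the thread. The file path and the ignore filter are assumptions; the thread does not say whether Elastic Cloud accepts these keys in its Kibana user settings.

```yaml
# kibana.yml (added example; not from the thread)
# Turns on Kibana security audit logging and sends it through a rolling-file
# appender, which in 7.x is what produces ECS-formatted audit events.
xpack.security.audit.enabled: true
xpack.security.audit.appender:
  type: rolling-file
  fileName: ./logs/audit.log        # assumed path; adjust for your install
  layout:
    type: json                      # each ECS event is written as one JSON object
  policy:
    type: time-interval
    interval: 24h                   # roll the file daily
  strategy:
    type: numeric
    max: 10                         # keep ten rolled files

# Optional: drop noisy entries so the remaining events are easier to alert on.
# Filter values below are an assumed example.
xpack.security.audit.ignore_filters:
  - actions: [http_request]
```

Once enabled, events carry ECS fields such as `event.action`, `event.outcome` and `user.name`, which is what lets the same detection rules run over audit logs from every deployment.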