mtudisco
June 24, 2020, 7:22pm
1
Hi,
xpack.security.audit.enabled: true
xpack.security.audit.logfile.emit_node_host_address: true
Then i try to make some request to see if it is auditing, i execute:
curl --noproxy 192.168.90.226 --cacert /etc/elasticsearch/certs/ca.crt -u elastic -XGET https://192.168.90.226:9200/_cat/nodes?v
when prompted for password i put the correct one and in another try a wrong password. Nothing is generated in the es-cluster_audit.json file on any node.
I'm using elasticsearch 7.4.
Any idea why i'm not getting a failed login?
thanks
warkolm
June 24, 2020, 9:58pm
2
What license do you have?
Audit logging is Gold and above - https://www.elastic.co/subscriptions
mtudisco
June 24, 2020, 10:27pm
3
I'm using the free license, but auditing is part of xpack and xpack is now open
We've opened the code for X-Pack features: security, alerting, monitoring, reporting, graph analytics, dedicated APM UIs, and machine learning.
Shouldnt it work?
warkolm
June 24, 2020, 10:29pm
4
If you check that last link you'll see there's a difference based on license levels.
mtudisco
June 25, 2020, 12:36am
5
so you are saying that even though auditing is part of xpack and xpack is now open, auditing requires gold license, as well as for instance Active Directory integration?
warkolm
June 25, 2020, 12:59am
6
Yep, that has always been the case.
dadoonet
June 25, 2020, 5:45am
7
While the code for X-Pack is available in a public repository, we do not claim that it is "Open Source" . See Subscriptions about the different features available.
The default distribution of Elasticsearch includes all of X-Pack, but the default license is "basic".
You can activate a free trial of the commercial features via Kibana (Management -> License) or via the API .
system
July 23, 2020, 5:45am
8
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.