Audit logging

kartika23 · May 6, 2022, 6:11am

Hi everyone,

i am having issue in enabling audit logs in kibana server i am running kibana server with wazuh ,i have tried multiple options but it is not working

warkolm · May 6, 2022, 7:01am

Welcome to our community!

Can you show us your Elasticsearch settings?
What license level do you have?

kartika23 · May 6, 2022, 7:07am

network.host: 0.0.0.0
node.name: node-1
cluster.initial_master_nodes:
- node-1

- node-2

- node-3

discovery.seed_hosts:

- <elasticsearch_ip_node1>

- <elasticsearch_ip_node2>

- <elasticsearch_ip_node3>

cluster.name: wazuh-cluster

opendistro_security.ssl.transport.pemcert_filepath: /etc/Elasticsearch/certs/Elasticsearch.pem
opendistro_security.ssl.transport.pemkey_filepath: /etc/Elasticsearch/certs/Elasticsearch-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/Elasticsearch/certs/root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: /etc/Elasticsearch/certs/Elasticsearch.pem
opendistro_security.ssl.http.pemkey_filepath: /etc/Elasticsearch/certs/Elasticsearch-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/Elasticsearch/certs/root-ca.pem
opendistro_security.nodes_dn:

CN=node-1,OU=Docu,O=Wazuh,L=California,C=US

- CN=node-2,OU=Docu,O=Wazuh,L=California,C=US

- CN=node-3,OU=Docu,O=Wazuh,L=California,C=US

opendistro_security.authcz.admin_dn:

CN=admin,OU=Docu,O=Wazuh,L=California,C=US

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
node.max_local_storage_nodes: 3

path.data: /var/lib/Elasticsearch
path.logs: /var/log/Elasticsearch

kartika23 · May 6, 2022, 7:07am

my Elasticsearch configuration and i am using free version

warkolm · May 6, 2022, 7:16am

It looks like you are using opensearch, that an aws product that we can't help with sorry.

system · May 6, 2022, 7:16am

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

system · June 3, 2022, 7:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana not working// Elasticsearch host Kibana	9	764	July 26, 2023
Issue on Letsencrypt SSL kibana Kibana	3	1182	February 5, 2021
Kibana can not connect to Elasticsearch cluster Kibana	6	10092	July 31, 2020
Unable to access https://localhost:9200, issue with Elastic User Elasticsearch elastic-stack-security	6	1293	May 6, 2021
LogStash 403 error to Elastic Logstash docker	10	239	July 21, 2024