Audit logging

Hi everyone,

I am having an issue enabling audit logs on the Kibana server. I am running the Kibana server with Wazuh; I have tried multiple options, but it is not working.

Welcome to our community! :smiley:

Can you show us your Elasticsearch settings?
What license level do you have?

network.host: 0.0.0.0
node.name: node-1
cluster.initial_master_nodes:
  - node-1
  - node-2
  - node-3
discovery.seed_hosts:
  - <elasticsearch_ip_node1>
  - <elasticsearch_ip_node2>
  - <elasticsearch_ip_node3>
cluster.name: wazuh-cluster

opendistro_security.ssl.transport.pemcert_filepath: /etc/Elasticsearch/certs/Elasticsearch.pem
opendistro_security.ssl.transport.pemkey_filepath: /etc/Elasticsearch/certs/Elasticsearch-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/Elasticsearch/certs/root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: /etc/Elasticsearch/certs/Elasticsearch.pem
opendistro_security.ssl.http.pemkey_filepath: /etc/Elasticsearch/certs/Elasticsearch-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/Elasticsearch/certs/root-ca.pem
opendistro_security.nodes_dn:
  - CN=node-1,OU=Docu,O=Wazuh,L=California,C=US
  - CN=node-2,OU=Docu,O=Wazuh,L=California,C=US
  - CN=node-3,OU=Docu,O=Wazuh,L=California,C=US
opendistro_security.authcz.admin_dn:
  - CN=admin,OU=Docu,O=Wazuh,L=California,C=US

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
node.max_local_storage_nodes: 3

path.data: /var/lib/Elasticsearch
path.logs: /var/log/Elasticsearch

This is my Elasticsearch configuration, and I am using the free version.

It looks like you are using OpenSearch, which is an AWS product that we can't help with, sorry.

OpenSearch/OpenDistro are AWS-run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )
