I added xpack.security.audit.enabled: true to my elasticsearch.yml.
I expected to see cluster-name_audit.log, but I found cluster_name_access.log. I finally found a doc explaining there should be both files, but I can't find any audit.log.
I guess the files would be the same, just duplicated?
The name of the audit log file was changed to <clustername>_index.log in version 6.5; before that, the file was named <clustername>_access.log, but we kept the old file name around for compatibility reasons.
As mentioned in the doc you linked above (which is for version 6.6):
For backwards compatibility reasons, a file named <clustername>_access.log is also generated.
This means that since you only see <clustername>_access.log, you are probably running Elasticsearch on a version before 6.5 and there is nothing wrong, or nothing more you need to do.