Hello,
Last time I upgraded ES to the latest version, 7.16.3.
The problem I have is defining audit logs.
I have the config below:
xpack.security.audit.enabled: true
xpack.security.audit.logfile.emit_node_name: true
xpack.security.audit.logfile.events.include: "anonymous_access_denied, authentication_success, authentication_failed, realm_authentication_failed, access_denied, run_as_granted, run_as_denied, tampered_request, connection_granted, connection_denied"
The problem I have is that I cannot find the audit.log output file, and I don't know how to define it.
When I try to use appender:
xpack.security.audit.appender.layout.type: json
xpack.security.audit.appender.fileName: /usr/share/elasticsearch/audit.log
I'm getting an error in ES.