Audit logs on ES 7.16.3

dominbdg · February 14, 2022, 8:13pm

Hello,
Last time I upgraded ES to latest version 7.16.3,
The problem which I have is define audit logs,
I have below config:

xpack.security.audit.enabled: true
    xpack.security.audit.logfile.emit_node_name: true
    xpack.security.audit.logfile.events.include: "anonymous_access_denied, authentication_success, authentication_failed, realm_authentication_failed, access_denied, run_as_granted, run_as_denied, tampered_request, connection_granted, connection_denied"

the problem which I have - I cannot find audit.log output file, I don't know how to define it,
When I try to use appender:

xpack.security.audit.appender.layout.type: json
xpack.security.audit.appender.fileName: /usr/share/elasticsearch/audit.log

I'm getting an error in ES.

leandrojmp · February 14, 2022, 8:41pm

What error are you getting? Do you have a paid License? Audit Logs needs at least a Gold License.

dominbdg · February 14, 2022, 9:30pm

I have trial license which normally is working for logs in kibana (gold license) but I don't know how to configure ES to point where logs are stored.

system · March 14, 2022, 9:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ELK 7.3 Elasticsearch	4	373	April 9, 2020
Audit log file does not appear in the node Elasticsearch	2	475	September 28, 2020
Xpack.security.audit.outputs: [ index, logfile ] in 7.x? Elasticsearch	1	751	February 6, 2020
Audit logging in elasticsearch Elasticsearch	7	424	July 23, 2020
Audit authentication failed Elasticsearch	1	511	February 21, 2020

Audit logs on ES 7.16.3

Related topics