Audit logs on ES 7.16.3

Hello,
Last time I upgraded ES to latest version 7.16.3,
The problem which I have is define audit logs,
I have below config:

xpack.security.audit.enabled: true
    xpack.security.audit.logfile.emit_node_name: true
    xpack.security.audit.logfile.events.include: "anonymous_access_denied, authentication_success, authentication_failed, realm_authentication_failed, access_denied, run_as_granted, run_as_denied, tampered_request, connection_granted, connection_denied"

the problem which I have - I cannot find audit.log output file, I don't know how to define it,
When I try to use appender:

xpack.security.audit.appender.layout.type: json
xpack.security.audit.appender.fileName: /usr/share/elasticsearch/audit.log

I'm getting an error in ES.

What error are you getting? Do you have a paid License? Audit Logs needs at least a Gold License.

I have trial license which normally is working for logs in kibana (gold license) but I don't know how to configure ES to point where logs are stored.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.