I'm trying to enable the auditing for kibana by adding the below configuration in the kibana.yml file
and setting the logging destination option to the /var/log/kibana.log.
After doing all above still the file kibana.log is not created in that directory and no logs are there.
Requirement is to get the user details who are accessing the kibana. I have platinum subcription type for Elasticsearch.
Please guide me how can I enable the auditing for kibana.
Auditing isn't done on the kibana service but on the Elasticsearch service.
Try doing the same but on your elastic node and in
I recommend just adding the
xpack.security.audit.enabled: true and leaving the rest.
You can then find your audit log events in
Which in turn can be ingested by filebeats elasticsearch module for easy searching.
will it provide info of the users who access the kibana?
and after adding xpack.security.audit.enabled: true, do I need to restart the Elasticsearch service?
There is Audit in Kibana as well, not only in Elasticsearch.
Your configuration is correct and issue is probably because the kibana user does not have permissions to write in the
Try to create a
/var/log/kibana/ directory, give the ownership of the directory
/var/log/kibana/ to the
kibana user and change your
logging.dest to point to
After you restart the service Kibana should be able to create the log file.
thanks for the solution, its working now but the logs doesn't shows users' information.
Is there any way to get info of the users who are accessing the kibana tool.
in logs the user-agent will give us the users right?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.