Enable audit logging (deployment complains about format)

Elastic Stack Elasticsearch
1

I try to enable logging on elastic cloud deployment. For this I change the cluster configuration and my yml looks like this:

This configuration complains about the fact that "include" should be type of "text" (" * Elasticsearch - 'xpack.security.audit.logfile.events.include': has to be text)

xpack:
  security:
    audit:
      enabled: true
      logfile:
        events:
          include:
            - "anonymous_access_denied"
            - "authentication_failed"

I've also tried (same complain about text type):

xpack:
  security:
    audit:
      enabled: true
      logfile:
        events:
          include: ["anonymous_access_denied", "authentication_failed"]

also tried to do so (the deployment failed):

xpack:
  security:
    audit:
      enabled: true
      logfile:
        events:
          include: "anonymous_access_denied, authentication_failed"

Can you please assist what would be the correct syntax for adding several event types in the audit log?

2

The following should work, without quotes:

xpack.security.audit.logfile.events.include: anonymous_access_denied, authentication_failed

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.