I try to enable logging on elastic cloud deployment. For this I change the cluster configuration and my yml looks like this:
This configuration complains about the fact that "include" should be type of "text" (" * Elasticsearch - 'xpack.security.audit.logfile.events.include': has to be text)
xpack: security: audit: enabled: true logfile: events: include: - "anonymous_access_denied" - "authentication_failed"
I've also tried (same complain about text type):
xpack: security: audit: enabled: true logfile: events: include: ["anonymous_access_denied", "authentication_failed"]
also tried to do so (the deployment failed):
xpack: security: audit: enabled: true logfile: events: include: "anonymous_access_denied, authentication_failed"
Can you please assist what would be the correct syntax for adding several event types in the audit log?