Error when enabling Kibana ECS Audit

preetish_P · June 9, 2021, 10:05pm

Hi All,

We recently upgraded to ES v7.11.2 and would like to use the auditing features in Kibana to monitor the usage of various dashboards by various logins. etc.

I tried to enable auditing in my local setup in macOS using below steps:

Installed gz package
Enabled 30 days trial so that x-pack is enabled
Enabled audit: xpack.security.audit.enabled: true
Added the below default settings which are mentioned in the guide:

xpack.security.audit.appender:
  type: rolling-file
  fileName: ./audit.log
  policy:
    type: time-interval
    interval: 24h 
  strategy:
    type: numeric
    max: 10 
  layout:
    type: json

Kibana was unable to start after adding these bits. The errors I am getting:

log   [22:42:48.442] [fatal][root] TypeError: undefined is not iterable (cannot read property Symbol(Symbol.iterator))
    at LiteralType.handleError (KIBANA_HOME/node_modules/@kbn/config-schema/target/out/types/literal_type.js:17:25)
    at LiteralType.onError (KIBANA_HOME/node_modules/@kbn/config-schema/target/out/types/type.js:69:40)
    at type.<anonymous> (KIBANA_HOME/node_modules/@kbn/config-schema/target/out/types/type.js:41:53)
    at finish (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:529:50)
    at type._validate (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:585:20)
    at type._base (KIBANA_HOME/node_modules/joi/lib/types/object/index.js:212:45)
    at type._validate (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:614:37)
    at internals.Alternatives._base (KIBANA_HOME/node_modules/joi/lib/types/alternatives/index.js:60:40)
    at internals.Alternatives._validate (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:614:37)
    at type._base (KIBANA_HOME/node_modules/joi/lib/types/object/index.js:212:45)
    at type._validate (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:614:37)
    at type._base (KIBANA_HOME/node_modules/joi/lib/types/object/index.js:212:45)
    at type._validate (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:614:37)
    at type._validateWithOptions (KIBANA_HOME/node_modules/joi/lib/types/any/index.js:674:29)
    at module.exports.internals.Any.root.validate (KIBANA_HOME/node_modules/joi/lib/index.js:146:23)
    at ObjectType.validate (KIBANA_HOME/node_modules/@kbn/config-schema/target/out/types/type.js:46:72)

 FATAL  TypeError: undefined is not iterable (cannot read property Symbol(Symbol.iterator))

Is this due to incompatible version of NodeJS or some missing plugins ? I also tried using the flat structure of YAML, but getting the same error.

Can someone please suggest any solutions to this ?

Thank you

Aaron_Caldwell · June 9, 2021, 10:47pm

Hello Preetish,

Just a guess at this point but have you tried providing an absolute path for fileName? Something like /full/path/to/file/audit.log using whatever your full path is.

Regards,
Aaron

preetish_P · June 10, 2021, 8:28am

Hi @Aaron_Caldwell

Tried absolute path in fileName, still getting the same error.

Thanks

system · July 8, 2021, 8:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.