Hi,
I know it's a rare use case but Is there any way to forward elasticsearch audit logs to another syslog server? all I find is this but it's deprecated.
AS this feature is removed on Elasticsearch 7.x, you could go with a filebeat and read that audit log from Elasticsearch?
Yes but what about output configuration? I didn't find any option for that in here.
Do I have to create my own filebeat?
your output would probably be another elasticsearch cluster (to prevent running in circles).