I know it's a rare use case, but is there any way to forward Elasticsearch audit logs to another syslog server? All I find is this, but it's deprecated.
As this feature is removed in Elasticsearch 7.x, you could go with Filebeat and read that audit log from Elasticsearch?
Yes but what about output configuration? I didn't find any option for that in here.
Do I have to create my own filebeat?
Your output would probably be another Elasticsearch cluster (to prevent running in circles).
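A sketch of the setup suggested in the replies above, as an added example that is not from the thread or from Elastic's documentation: Filebeat's `elasticsearch` module reads the audit file on each node and ships it to a separate cluster. The host name, CA path, environment variable and log directory are placeholders or assumptions.

```yaml
# filebeat.yml on each Elasticsearch node (added example).
# Prerequisite on the audited cluster, in elasticsearch.yml:
#   xpack.security.audit.enabled: true

filebeat.modules:
  - module: elasticsearch
    audit:
      enabled: true
      # Assumed log directory of a package install; the audit file is
      # written as <cluster_name>_audit.json, so match it with a glob.
      var.paths:
        - /var/log/elasticsearch/*_audit.json

# Send the events to a different cluster than the one being audited,
# which avoids the "running in circles" loop mentioned in the reply.
output.elasticsearch:
  # Placeholder host for the separate audit-storage cluster.
  hosts: ["https://audit-store.example.internal:9200"]
  # Placeholder variable; resolved from the environment or the Filebeat
  # keystore. Expected form is "id:api_key".
  api_key: "${AUDIT_STORE_API_KEY}"
  # Placeholder path to the CA that signed the receiving cluster's cert.
  ssl.certificate_authorities:
    - /etc/filebeat/certs/audit-store-ca.crt
```

Give the API key only the privileges needed to write the Filebeat indices on the receiving cluster, so a compromised node cannot read or alter audit records that were already shipped.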