How to confirm audit logging is enabled

knagasri · May 13, 2021, 7:54am

I had deployed elasticsearch-operator(1.3.0) with elasticsearch 7.9.0 in GKE. I have used below line in my elasticsearch.yaml to enable audit logging:

xpack.security.audit.enabled: true

As per the documentation(Enabling audit logging | Elasticsearch Guide [7.9] | Elastic), there will be some file "clustername>_audit.json" like this if I do exec into the pod. But I am not able to see that file.

can anyone suggest , is there anything that I need to add.

knagasri · May 17, 2021, 3:54pm

Can anyone tell whether it will be supporting for free users or only for subscribed users.

Christian_Dahlqvist · May 17, 2021, 4:15pm

Audit logging requires a commercial subscription.

knagasri · May 19, 2021, 6:40am

Okay. Thanks @Christian_Dahlqvist for the information.

Topic		Replies	Views
Audit logging doesn't work for Elasticsearch Elasticsearch	2	637	July 13, 2020
Audit logging in elasticsearch Elasticsearch	7	492	July 23, 2020
ELK 7.3 Elasticsearch	4	409	April 9, 2020
Audit logs or other way to ensure integrity of the logs Elastic Cloud on Kubernetes (ECK)	3	1034	November 4, 2022
Audit log file does not appear in the node Elasticsearch	2	544	September 28, 2020

How to confirm audit logging is enabled

Related topics