Please provide the link to download the Platinum or Enterprise version of Elasticsearch for a free trial on Linux and RPM systems.
There are no separate versions per license level. You download the only available version and activate a trial license.
Can we get the audit logs with a trial licence? If yes, then please provide me the steps for the same.
I have followed the document link below to enable auditing (Enable audit logging | Elasticsearch Guide [8.9] | Elastic)
xpack.security.audit.enabled : true
For license management I followed the document link below (License settings | Elasticsearch Guide [8.9] | Elastic)
xpack.license.self_generated.type: trial
After executing the queries I am not getting audit logs in the audit log file. Please confirm whether we can get audit logs with a trial licence or not.
Yes, you can. Once the trial is activated, and you have changed the settings AND restarted your cluster (unless you modified the setting using the update settings API), that should work.
I have followed the step below to activate the trial licence:
xpack.license.self_generated.type: trial
Is it correct?
Yes. When you first start the cluster.
Once the cluster has started, modifying this value does not change anything, I think.
You need to call the licence API or use Kibana (easier)
I just did.
What is not clear?
As you mentioned above, I need to call the license API to activate the license.
Can you please provide the details about the license API, meaning what the parameters and request body for the license API would be?
Can you please provide a sample API call to get a Platinum trial license for Elasticsearch 7.15.2?
It would be really helpful for me to activate the license for the Platinum/Enterprise trial version.
See Start trial API | Elasticsearch Guide [8.9] | Elastic
BTW you should upgrade your cluster to 7.17.12
Does that mean that to get audit logs with a trial license I need to use Elasticsearch 7.17.12 or a higher version? Am I correct?
I have called the trial API and it is activated. I am using Elasticsearch 7.15.2.
I made the necessary changes in the elasticsearch.yml file to enable the audit log, like:
xpack.security.audit.enabled : true
xpack.security.audit.logfile.events.include: _all
xpack.security.audit.logfile.events.emit_request_body : true
xpack.license.self_generated.type: trial
After restarting the server I inserted some records for the rest event type, but I am not getting any audit log; the audit log file is empty.
Can you please confirm whether I can get the audit log with Elasticsearch 7.15.2 and a trial license or not?
It depends on the actions you performed on your cluster... The list of events which can be captured by the audit logs is here: Audit events | Elasticsearch Guide [8.9] | Elastic
See also this discussion: Does Elasticsearch capture audit logs for Query DSL, EQL and SQL or Not? - #2 by dadoonet
I performed some actions of the rest event type with the latest version of Elasticsearch, 8.8.2, with a trial license on a Windows machine. I am getting audit logs for that.
I performed the same action on Elasticsearch 7.15.2 with an activated trial license on a Linux machine; here I am not getting audit logs.
Can you please provide the reason for this ?
Which ones?
I'm confused because there is another discussion with another user about the exact same configuration (Windows vs RedHat, ES7.15 vs ES 8.8.2).
Do you have multiple identities on this forum?
And anyway, let's stop the discussion here as the original problem is solved:
Please provide the link to download the Platinum or Enterprise version of Elasticsearch for a free trial on Linux and RPM systems.
POST /shukla_test/_doc/2
{
"firstname": "Krishna",
"lastname": "kumar"
}
The one above.
What is the event log you got for this one?
And please answer my other questions.
The other person is also one of my team members, and we are both trying to get audit logs for Elasticsearch.
Please find the event log below:
{"type":"audit", "timestamp":"2023-07-27T15:40:31,728+0530", "cluster.uuid":"PdxPNKJfRUOh-nJVi4R9jw", "node.name":"node-1", "node.id":"8vfClNdqTQKpxsWQ9jZFsQ", "host.name":"192.168.251.17", "host.ip":"192.168.251.17", "event.type":"rest", "event.action":"authentication_success", "authentication.type":"REALM", "user.name":"elastic", "user.realm":"reserved", "origin.type":"rest", "origin.address":"[::1]:52490", "realm":"reserved", "url.path":"/shukla_test/_doc/2", "request.method":"POST", "request.body":" {\r\n \"firstname\": \"Krishna\",\r\n \"lastname\": \"kumar\"\r\n}", "request.id":"qaaUAg8sQKedKKrkcia4Xw"}
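The event above is one line of the JSON audit log that xpack.security.audit.enabled writes. The script below is an added example, not code from this thread or from Elastic: it parses such lines, counts them per event type and action (so you can tell whether REST actions are being captured at all), correlates the rest and transport events that share a request.id, and flags and redacts logged request bodies. The last point is the caveat that goes with xpack.security.audit.logfile.events.emit_request_body: true, which the Elastic setting documentation notes is unfiltered, so document contents and credentials sent to the security APIs end up in the audit file in plain text. The sample log is constructed for this example (the first line mirrors the event posted above; the other two are made up), and the list of "sensitive" path prefixes is an assumption.

```python
"""Summarise Elasticsearch JSON audit log lines.

Added example, not code from the forum thread or from Elastic. It assumes
the one-JSON-object-per-line format shown in the thread, with the field
names used there ("event.type", "event.action", "url.path",
"request.body", "request.id"). The sample log is constructed: the first
line mirrors the event posted in the thread, the other two are made up to
show a failed authentication and a transport-layer access event.
"""
import json
from collections import Counter, defaultdict

# Constructed sample audit log: three events, one JSON object per line.
SAMPLE_AUDIT_LOG = r'''
{"type":"audit", "timestamp":"2023-07-27T15:40:31,728+0530", "cluster.uuid":"PdxPNKJfRUOh-nJVi4R9jw", "node.name":"node-1", "node.id":"8vfClNdqTQKpxsWQ9jZFsQ", "host.name":"192.168.251.17", "host.ip":"192.168.251.17", "event.type":"rest", "event.action":"authentication_success", "authentication.type":"REALM", "user.name":"elastic", "user.realm":"reserved", "origin.type":"rest", "origin.address":"[::1]:52490", "realm":"reserved", "url.path":"/shukla_test/_doc/2", "request.method":"POST", "request.body":" {\r\n \"firstname\": \"Krishna\",\r\n \"lastname\": \"kumar\"\r\n}", "request.id":"qaaUAg8sQKedKKrkcia4Xw"}
{"type":"audit", "timestamp":"2023-07-27T15:41:02,004+0530", "cluster.uuid":"PdxPNKJfRUOh-nJVi4R9jw", "node.name":"node-1", "node.id":"8vfClNdqTQKpxsWQ9jZFsQ", "host.name":"192.168.251.17", "host.ip":"192.168.251.17", "event.type":"rest", "event.action":"authentication_failed", "user.name":"elastic", "origin.type":"rest", "origin.address":"[::1]:52502", "url.path":"/_security/user/tester", "request.method":"POST", "request.body":"{\"password\":\"hunter2\",\"roles\":[\"superuser\"]}", "request.id":"Ab12cD3eF4gH5iJ6kL7mNo"}
{"type":"audit", "timestamp":"2023-07-27T15:41:30,117+0530", "cluster.uuid":"PdxPNKJfRUOh-nJVi4R9jw", "node.name":"node-1", "node.id":"8vfClNdqTQKpxsWQ9jZFsQ", "host.name":"192.168.251.17", "host.ip":"192.168.251.17", "event.type":"transport", "event.action":"access_granted", "authentication.type":"REALM", "user.name":"elastic", "user.realm":"reserved", "user.roles":["superuser"], "origin.type":"rest", "origin.address":"[::1]:52490", "realm":"reserved", "action":"indices:data/write/index", "request.name":"IndexRequest", "indices":["shukla_test"], "request.id":"qaaUAg8sQKedKKrkcia4Xw"}
'''

# Paths whose request bodies routinely carry secrets (passwords, API keys).
# With emit_request_body enabled those bodies land in the audit log as-is.
# This prefix list is an assumption made for the example.
SENSITIVE_PATH_PREFIXES = ("/_security/",)


def parse_audit_lines(text, strict=True):
    """Parse audit log text into a list of event dicts.

    A line that is not valid JSON raises ValueError when strict=True and is
    skipped otherwise. JSON lines without "type": "audit" are skipped.
    """
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            if strict:
                raise ValueError(f"line {lineno}: not valid JSON: {exc}") from exc
            continue
        if isinstance(obj, dict) and obj.get("type") == "audit":
            events.append(obj)
    return events


def count_by_action(events):
    """Count events per (event.type, event.action) pair."""
    return dict(Counter((e.get("event.type"), e.get("event.action")) for e in events))


def correlate_by_request_id(events):
    """Group event.action values by request.id, in log order.

    One REST call yields a 'rest' authentication event plus the 'transport'
    access events for the actions it triggered, all sharing a request.id.
    """
    grouped = defaultdict(list)
    for e in events:
        rid = e.get("request.id")
        if rid:
            grouped[rid].append(e.get("event.action"))
    return dict(grouped)


def bodies_on_sensitive_paths(events):
    """Return request.ids of events whose logged body hit a credential path."""
    hits = []
    for e in events:
        path = e.get("url.path") or ""
        if e.get("request.body") and path.startswith(SENSITIVE_PATH_PREFIXES):
            hits.append(e.get("request.id"))
    return hits


def redact_request_bodies(events, marker="[redacted]"):
    """Return copies of the events with every request.body replaced.

    Use this before pasting audit lines anywhere public. The input list and
    its dicts are not modified.
    """
    redacted = []
    for e in events:
        copy = dict(e)
        if "request.body" in copy:
            copy["request.body"] = marker
        redacted.append(copy)
    return redacted


if __name__ == "__main__":
    evs = parse_audit_lines(SAMPLE_AUDIT_LOG)
    for key, n in count_by_action(evs).items():
        print(key, n)
    print("request ids:", correlate_by_request_id(evs))
    print("bodies on sensitive paths:", bodies_on_sensitive_paths(evs))
    for e in redact_request_bodies(evs):
        print(json.dumps(e))
```

Run it against a real file with parse_audit_lines(open(path).read(), strict=False) when you are not sure every line is well-formed. An empty count_by_action result from a fresh cluster means no events reached the file at all (license or settings not applied, or the node was not restarted), whereas counts that contain only 'transport' entries mean the REST request succeeded but events.include is filtering out the rest events you expected.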
So it's a duplicate of Does Elasticsearch capture audit logs for Query DSL, EQL and SQL or Not?. Please don't open many threads for the same problem.
I'm going to close this one as this is solved.
Please make sure with your colleagues that you are not asking the same thing again and again. It's a waste of time for all the volunteers on this forum.