How to index Elasticsearch security audit events in 7.0?

Matt_Vasquez · April 19, 2019, 6:34pm

So I've just recently upgraded to 7.0 from 6.7 and had to take out:
xpack.security.audit.outputs: [index, log]

from the elasticsearch.yml config file due to deprecation in 7.0?

As I understand now security audit event are now logged to a json log file. Whats the proper way to index this? Filebeat? Logstash? I don't understand why they took this feature away.. Broke all my security audit visualizations/dashboards

system · May 17, 2019, 6:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Xpack.security.audit.outputs: [ index, logfile ] in 7.x? Elasticsearch	1	751	February 6, 2020
Audit Log index Elasticsearch	1	383	February 19, 2019
Audit logs on ES 7.16.3 Elasticsearch elastic-stack-security	3	423	March 14, 2022
Auditing Security Events visualizing Kibana elastic-stack-security	14	818	November 28, 2018
Index audit output Elasticsearch	3	2573	January 13, 2017

How to index Elasticsearch security audit events in 7.0?

Related topics