I was reading about some problems with auditing already in spring and was hoping that it would be fixed by now, but no cigar.
Because we are running Elastic stack as a log management / SIEM system, it is extremely important to secure it properly.
In order to keep an eye on the cluster, I need to be able to get proper audit logs (who is accessing, when, from where, what was requested, etc.).
I am able to enable the audit log, log it into a file and transport the audit index to remote cluster over SSL.
But there are two issues I would like someone to address:
xpack.security.audit.logfile.events.emit_request_body option is really not working, right?
I cannot see the request made, only what type of request it was, and that is really not helping.
The audit log is flooded by cluster maintenance messages and such. Is there a guide on how to stop these messages from ever getting into the audit log, or what would you guys suggest?
PS. Enabling SSL secured remote audit indexing was a bit confusing. More documentation about it would be nice. At first I didn't understand that I have to explicitly enable SSL also for the indexing client setting.
I am going to bump this as long as needed in order to get an official response. I paid for platinum license and expect things to work as documented, or at least get support if not.
I have a license but I didn't opt in for dedicated support engineer and was told to use the forum.
You know, I would understand that I have to pay extra for new features or get SLA support or something to add value to the product, but if things don't work as they should according to documentation, then I don't really understand the radio silence from your part. Especially as this is not a new thing, I'm sure you are aware of this by now.
Sorry if I am being too direct, but this feature was the main selling point when I decided to purchase the X-Pack.
Another thing regarding this, how is the delete action for index logged?
I just deleted one index, but I do not see any record of it in the audit log. Neither in the index nor in the log file.
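A defender-side way to cut the maintenance noise the post complains about and to surface index deletions and denied requests, as an added example (not code from the thread or from Elastic): a small Python filter over audit events. It assumes the JSON audit-logfile field names introduced in 7.x (event.action, user.name, action, indices); the sample events are constructed.

```python
import json

# Constructed sample events in the shape of the 7.x JSON audit logfile
# (field names assumed; not taken from the thread). Names and addresses are made up.
SAMPLE_AUDIT_LINES = [
    '{"event.type":"transport","event.action":"access_granted","user.name":"_system",'
    '"action":"internal:cluster/nodes/indices/shard/store","indices":["logs-2019.05"]}',
    '{"event.type":"rest","event.action":"authentication_success","user.name":"kibana",'
    '"origin.address":"10.0.0.10:52134","url.path":"/_cluster/health"}',
    '{"event.type":"transport","event.action":"access_granted","user.name":"kibana",'
    '"action":"cluster:monitor/health"}',
    '{"event.type":"transport","event.action":"access_granted","user.name":"alice",'
    '"action":"indices:admin/delete","indices":["old-logs"],"origin.address":"10.0.0.7:41022"}',
    '{"event.type":"transport","event.action":"access_denied","user.name":"bob",'
    '"action":"indices:data/read/search","indices":["audit-*"]}',
]

# Internal principals and action prefixes that produce most routine cluster chatter.
SYSTEM_USERS = {"_system", "_xpack", "_xpack_security"}
NOISE_ACTION_PREFIXES = ("internal:", "cluster:monitor/", "indices:monitor/")

# Actions and outcomes a defender wants surfaced rather than buried.
ALERT_ACTIONS = ("indices:admin/delete", "indices:admin/close")
ALERT_OUTCOMES = {"access_denied", "authentication_failed", "tampered_request"}


def is_noise(event):
    """True for system-user activity and pure monitoring traffic."""
    if event.get("user.name") in SYSTEM_USERS:
        return True
    return event.get("action", "").startswith(NOISE_ACTION_PREFIXES)


def classify(event):
    """Return 'noise', 'alert' or 'keep' for one parsed audit event."""
    if event.get("event.action") in ALERT_OUTCOMES:
        return "alert"
    if event.get("action", "").startswith(ALERT_ACTIONS):
        return "alert"
    return "noise" if is_noise(event) else "keep"


def triage(lines):
    """Parse JSON audit lines and bucket them; malformed lines are kept, never dropped."""
    buckets = {"noise": [], "alert": [], "keep": []}
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            buckets["keep"].append({"raw": line})  # do not silently lose an audit record
            continue
        buckets[classify(event)].append(event)
    return buckets


if __name__ == "__main__":
    for event in triage(SAMPLE_AUDIT_LINES)["alert"]:
        print("ALERT", event.get("user.name"), event.get("event.action"), event.get("action"))
```

Filtering after the fact like this does not replace a properly tuned ignore policy in elasticsearch.yml, but it makes deletions and denied requests visible even when the raw log is flooded.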