Does anyone have any examples of use cases to audit user access? I'm new to Elasticsearch.
Almost all of our security use cases - use audit logging for auditing user access.
You can enable auditing to keep track of security-related events such as authorization success and failures. Logging these events enables you to monitor Kibana for suspicious activity and provides evidence in the event of an attack.
Use the Kibana audit logs in conjunction with Elasticsearch’s audit logging to get a holistic view of all security related events. Kibana defers to Elasticsearch’s security model for authentication, data index authorization, and features that are driven by cluster-wide privileges. For more information on enabling audit logging in Elasticsearch, see Auditing security events.
Audit logs are disabled by default. To enable this functionality, you must set
You will find it very productive to use security - try it and let us know!
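An added example, not part of the original posts or of Elastic's documentation: one user-access audit use case is summarizing failed logins and denied requests per user from the Elasticsearch audit log. The sample lines are constructed, and the field names (`event.action`, `user.name`, `origin.address`, `indices`) are assumed to follow the Elasticsearch JSON audit format.

```python
import json
from collections import defaultdict

# Constructed sample, one JSON event per line. Field names are assumed to
# follow the Elasticsearch JSON audit format; the last line is truncated on purpose.
SAMPLE_AUDIT_LOG = """\
{"type":"audit","event.action":"authentication_failed","user.name":"alice","origin.address":"203.0.113.7:51504"}
{"type":"audit","event.action":"authentication_failed","user.name":"alice","origin.address":"203.0.113.7:51510"}
{"type":"audit","event.action":"authentication_failed","user.name":"alice","origin.address":"198.51.100.9:40022"}
{"type":"audit","event.action":"authentication_success","user.name":"alice","origin.address":"198.51.100.9:40030"}
{"type":"audit","event.action":"access_denied","user.name":"bob","origin.address":"[::1]:52434","indices":["hr-payroll"]}
{"type":"audit","event.action":"access_granted","user.name":"bob","origin.address":"[::1]:52440","indices":["logs-app"]}
{"type":"audit","event.action":"access_den
"""

FAILURE_ACTIONS = {"authentication_failed", "access_denied"}

def summarize_failures(log_text, threshold=3):
    """Return (per-user failure summary, users at/over threshold, unparsable line count)."""
    users = defaultdict(lambda: {"count": 0, "actions": set(), "origins": set(), "indices": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count damaged lines instead of silently dropping them
            continue
        action = event.get("event.action")
        if action not in FAILURE_ACTIONS:
            continue
        entry = users[event.get("user.name", "<unknown>")]
        entry["count"] += 1
        entry["actions"].add(action)
        # Strip the source port so repeated attempts from one host collapse.
        entry["origins"].add(event.get("origin.address", "").rsplit(":", 1)[0])
        entry["indices"].update(event.get("indices", []))
    flagged = sorted(u for u, e in users.items() if e["count"] >= threshold)
    return dict(users), flagged, skipped

if __name__ == "__main__":
    summary, flagged, skipped = summarize_failures(SAMPLE_AUDIT_LOG)
    for user, entry in sorted(summary.items()):
        print(user, entry["count"], sorted(entry["actions"]), sorted(entry["origins"]), sorted(entry["indices"]))
    print("flagged:", flagged, "unparsable lines:", skipped)
```

The unparsable-line count is worth alerting on as well, since gaps in an audit trail matter as much as the events in it.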
Thank you, will try that.
From the set-up requirement, how many servers should I have?
Thinking of 2x servers for Elasticsearch, 1x server Logstash, 1x server Kibana.
For basic, turn all five to be elastic master (this will give you HA):
2 - elastic master + data (as I assume you only have enough disk in these two)
1 - elastic master, no data, logstash
1 - elastic master, no data, kibana