I am running Elasticsearch 7.16.1 and also have auditing configured. I am using a default log4j properties files which I had to extend to gzip the audit files. This is not included in the 7.16.1 log4j2 properties file.
However I note that access logs are being generated in the form of <cluster_name>_access.log. These files are being rolled over every night but there seems to be nothing in the log4j2 properties file to manage such files. I cannot see any mention of access files in the properties file. I assume they are picked up by some other rolling.filePattern. However none seems to match. I am confused.
Does anyone else have a similar problem?
I did raise a ticket, but as Log4j is a third-party library and comes with a reasonable default configuration, they wouldn't progress it.