Hi All,
I am using the docker image for elasticsearch 5.5.2 and so far I have been able to set it up fine. Now I want to take a copy of the logs and do something with them. I mount a folder to the docker run command so that the log files are available to me outside of the container.
I have set "xpack.security.audit.enabled: true" and also added path.logs in the elasticsearch.yml file (path.logs: "/usr/share/elasticsearch/logs"), which is mounted to an external folder (--volume ~/documents/elasticsearch/logs:/usr/share/elasticsearch/logs). I also made sure that the elasticsearch user has permissions to the data and log folder (owned by root and chmod to 777 as it is only in dev).
When I go to the log folder on the host machine, it is empty. Also, when I exec into the docker container and cd to /usr/share/elasticsearch/logs, that is empty as well.
I have read the online documentation and I think I have covered everything. It also seems from the documentation that the logs should be saved automatically after changing the xpack.security.audit.enabled setting.
Have I missed a setting which needs to be changed in order for the logs to be saved?