Recovering xpack log4j configuration from not standart path


I'm trying to configure the xpack audit logs in an EL installation that has the configuration outside the usual elasticsearch directory (path_base/config/).

I have xpack settings on two sites right now.

  • /base_path/config/x-pack
  • /other_conf_path/conf/elasticsearch/x-pack

When I start the service of elasticsearch that is configured, I do it this way:

ExecStart =/data/lmelk/tools/elasticsearch/bin/elasticsearch
-p $ {PID_DIR} /
-Edefault.path.logs = $ {LOG_DIR} = $ {DATA_DIR}
-Edefault.path.conf = $ {CONF_DIR}

Where $ {CONF_DIR} is informed with the value /other_conf_path/conf/elasticsearch

The system works fine, and I retrieve the configuration of the elasticsearch.yml and from the directory I want. But it's not the same with x-pack.

For some reason, I do not read the log4j x-pack configuration I have stored in /other_conf_path/conf/elasticsearch /x-pack but the default one in /base_path/config/x-pack

Writing the audit log to the root of the installation, in /base_path/

I may be missing some additional configuration at startup? Or something else?

Any ideas?


False alarm, do not configure the path of the x-pack file well.

After proper updating, the log is spelled correctly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.