Hi,
I'm trying to configure the xpack audit logs in an EL installation that has the configuration outside the usual elasticsearch directory (path_base/config/).
I have xpack settings on two sites right now.
- /base_path/config/x-pack
- /other_conf_path/conf/elasticsearch/x-pack
When I start the service of elasticsearch that is configured, I do it this way:
...
ExecStart =/data/lmelk/tools/elasticsearch/bin/elasticsearch
-p $ {PID_DIR} /elasticsearch.pid
--quiet
-Edefault.path.logs = $ {LOG_DIR}
-Edefault.path.data = $ {DATA_DIR}
-Edefault.path.conf = $ {CONF_DIR}
...
Where $ {CONF_DIR} is informed with the value /other_conf_path/conf/elasticsearch
The system works fine, and I retrieve the configuration of the elasticsearch.yml and log4j.properties from the directory I want. But it's not the same with x-pack.
For some reason, I do not read the log4j x-pack configuration I have stored in /other_conf_path/conf/elasticsearch /x-pack but the default one in /base_path/config/x-pack
Writing the audit log to the root of the installation, in /base_path/
I may be missing some additional configuration at startup? Or something else?
Any ideas?
Regards,