I recently activated the logging.dest in the kibana.yml. The reason for doing that is I wanted to check details of who logged into Kibana through xpack. But the problem is that Kibana audit logs get filled so much that even a little activity in the Kibana UI gets logged. Is there any way to reduce the amount of logging so that I can capture only the login details of a certain user and not every activity by the users?
Unfortunately, I don't believe there is an option to configure the logging to only log login attempts. You can, however, only log errors by setting logging.quiet: true. Do you have access to configure the logging in Elasticsearch? If so, you may be able to see any authentication attempts, as well as limit it to success or failures. More info here: https://www.elastic.co/guide/en/x-pack/6.2/auditing.html
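The two settings mentioned in the answer, written out as configuration. This is an added example, not part of the original thread; it assumes X-Pack security 6.x setting names, and the log path is a placeholder.

```yaml
# --- kibana.yml ---
# Keep Kibana's own log small: write to a file and record errors only.
logging.dest: /path/to/kibana.log        # placeholder path
logging.quiet: true

# --- elasticsearch.yml (set on every node, then restart the node) ---
# Turn on X-Pack security auditing and send events to the audit log file.
xpack.security.audit.enabled: true
xpack.security.audit.outputs: [ logfile ]
# Record only authentication outcomes instead of the default event set.
# Drop authentication_success from the list to keep failures only.
xpack.security.audit.logfile.events.include: [ authentication_success, authentication_failed ]
```

Elasticsearch authenticates every request, so `authentication_success` is recorded per request rather than once per Kibana session; narrowing the output to one user means filtering the audit file on the `principal` field afterwards.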