Retention of audit logs

szemlyanoy · February 12, 2020, 6:42pm

Hi,

The goal is to archive audit logs on daily basis and recycle archives older than n days.
So far I haven't found correct property for audit_rolling appender to get this working.

This is what I have

appender.audit_rolling.type = RollingFile
appender.audit_rolling.name = audit_rolling
appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access.log
appender.audit_rolling.layout.type = PatternLayout
appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n
appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access-%d{yyyy-MM-dd-HH-mm}-%i.log.gz
appender.audit_rolling.policies.type = Policies
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.audit_rolling.policies.time.interval = 1
appender.audit_rolling.policies.time.modulate = true
appender.audit_rolling.strategy.action.condition.age = 10D

The last string seems is not applicable and prevents ES from starting.
Please advice the correct way to rotate archived audit logs using log4j2.

ES version - 6.8.0

Thanks ahead,
Sergii

system · March 11, 2020, 6:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Retain log files on demand Elasticsearch	1	404	March 20, 2019
AuditLog logfile retention problem Elasticsearch	1	512	January 31, 2019
Audit log time based deletion policy not working Elasticsearch	4	465	January 9, 2023
Audit logs not updating properly Elasticsearch	1	655	November 14, 2019
Audit log study Elasticsearch elastic-stack-security	9	2571	March 11, 2019

Retention of audit logs

Related topics