Retention of audit logs


The goal is to archive audit logs on daily basis and recycle archives older than n days.
So far I haven't found correct property for audit_rolling appender to get this working.

This is what I have

appender.audit_rolling.type = RollingFile = audit_rolling
appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access.log
appender.audit_rolling.layout.type = PatternLayout
appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n
appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access-%d{yyyy-MM-dd-HH-mm}-%i.log.gz
appender.audit_rolling.policies.type = Policies
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.audit_rolling.policies.time.interval = 1
appender.audit_rolling.policies.time.modulate = true
appender.audit_rolling.strategy.action.condition.age = 10D

The last string seems is not applicable and prevents ES from starting.
Please advice the correct way to rotate archived audit logs using log4j2.

ES version - 6.8.0

Thanks ahead,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.