Shield cluster-access.log file



I was wondering if there was a way to automatically zip up the ${}-access.log file that's generated when auditing is enabled for shield? Similar to how you can do so in the logging.yml file for the ${}.log file. I tried using the logging.yml file and configuring a section for the -access.log file, but that just disabled logging entirely.

(Mark Walkom) #2

You should be able to do that with the following, just change the names accordingly.

Locate the following section in the logging.yml file and uncomment it (remove the # from the lines):

    #type: extrasRollingFile
    #file: ${path.logs}/elasticsearch.log.gz
    #rollingPolicy: timeBased
    #rollingPolicy.FileNamePattern: ${path.logs}/${}%d{yyyy-MM-dd}.log.gz
      #type: pattern
      #conversionPattern: "%d{ISO8601}"

Then locate the section in the logging.yml that is right above it (see below) and comment it out (add # in front of each line):

    type: dailyRollingFile
    file: ${path.logs}/${}.log
    datePattern: "'.'yyyy-MM-dd"
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Restart the node. Then as it rolls a new daily log file, it will compress/gz the older log file.


ah thanks, I found the file but I wasn't sure if I was supposed to comment out the dailyRollingFile or not. Thanks!

(system) #4