Shield cluster-access.log file

Hello,
I was wondering if there was a way to automatically zip up the ${cluster.name}-access.log file that's generated when auditing is enabled for shield? Similar to how you can do so in the logging.yml file for the ${cluster.name}.log file. I tried using the logging.yml file and configuring a section for the -access.log file, but that just disabled logging entirely.

You should be able to do that with the following; just change the names accordingly.

Locate the following section in the logging.yml file and uncomment it (remove the # from the lines):

  #file:
    #type: extrasRollingFile
    #file: ${path.logs}/elasticsearch.log.gz
    #rollingPolicy: timeBased
    #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}%d{yyyy-MM-dd}.log.gz
    #layout:
      #type: pattern
      #conversionPattern: "%d{ISO8601}"

Then locate the section in the logging.yml that is right above it (see below) and comment it out (add # in front of each line):

  file:
    type: dailyRollingFile
    file: ${path.logs}/${cluster.name}.log
    datePattern: "'.'yyyy-MM-dd"
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Restart the node. Then, as it rolls to a new daily log file, it will compress (gzip) the older log file.

1 Like
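The same change applied to the audit log itself, as an added example that is not part of the thread. It assumes the appender is named access_log and is bound to the shield.audit.logfile logger, as in the Shield default logging.yml; check your own file and adjust the names. The commented block is the stock daily appender, the active block is the compressing replacement.

```yaml
# Added example, not from the original thread. Assumed names: the access_log
# appender and the shield.audit.logfile logger from Shield's default logging.yml.
logger:
  shield.audit.logfile: INFO, access_log

additivity:
  shield.audit.logfile: false

appender:
  # Before: plain daily roll, rolled files are left uncompressed.
  #access_log:
    #type: dailyRollingFile
    #file: ${path.logs}/${cluster.name}-access.log
    #datePattern: "'.'yyyy-MM-dd"
    #layout:
      #type: pattern
      #conversionPattern: "[%d{ISO8601}] %m%n"

  # After: log4j-extras time-based roll. The .gz suffix on FileNamePattern is
  # what makes each rolled file gzip-compressed; the active file stays plain.
  access_log:
    type: extrasRollingFile
    file: ${path.logs}/${cluster.name}-access.log
    rollingPolicy: timeBased
    rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}-access.%d{yyyy-MM-dd}.log.gz
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}] %m%n"
```

Only one access_log definition may be active at a time, and compression applies to files rolled after the restart; earlier -access.log.yyyy-MM-dd files are not compressed retroactively.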

Ah, thanks. I found the file but wasn't sure whether I was supposed to comment out the dailyRollingFile or not. Thanks!

1 Like