Stack access audit

I am wondering what's the best way to go about implementing access logging for individual indexes. Specifically, is there a log that can show which users access information per index or indices?

ES has a security audit module, with 2 ways of shipping data:

  • (deprecated) over transport protocol ... this should work in ECE for now
  • to file ... currently that is shipped to the Logging and Metrics cluster (so you have to ensure the cluster is appropriately sized for the volume) and there is no easy way of separating access to this from other cluster logs

Longer term we are working on being able to ship different log types to different clusters (including external ones).
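An added example, not part of the original thread and not Elastic's own code: one way to turn file-based audit events into the per-index view the question asks for. It assumes the JSON line layout of the 7.x logfile audit output (`event.action`, `user.name`, `indices`); the sample lines are constructed and `access_by_index` is a hypothetical helper name.

```python
import json
from collections import Counter, defaultdict

# Constructed sample lines (assumed 7.x JSON audit layout, trimmed to the
# fields used here). The last line simulates a truncated or non-JSON record.
SAMPLE = """\
{"type":"audit","timestamp":"2020-01-01T10:00:00,000+0000","event.action":"access_granted","user.name":"alice","action":"indices:data/read/search","indices":["sales-2020","hr"]}
{"type":"audit","timestamp":"2020-01-01T10:00:05,000+0000","event.action":"access_denied","user.name":"bob","action":"indices:data/read/get","indices":["hr"]}
{"type":"audit","timestamp":"2020-01-01T10:00:09,000+0000","event.action":"authentication_success","user.name":"alice"}
{"type":"audit","timestamp":"2020-01-01T10:00:12,000+0000","event.action":"access_granted","user.name":"alice","action":"indices:data/write/index","indices":["sales-2020"]}
not json: a truncated line
"""

# Only authorization outcomes say who touched (or tried to touch) an index.
ACCESS_EVENTS = ("access_granted", "access_denied")


def access_by_index(lines):
    """Return {index: Counter({(user, outcome): count})} from audit lines."""
    report = defaultdict(Counter)
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip records that are not valid JSON
        if not isinstance(event, dict) or event.get("type") != "audit":
            continue
        outcome = event.get("event.action")
        if outcome not in ACCESS_EVENTS:
            continue  # authentication events carry no index list
        user = event.get("user.name", "<unknown>")
        # One request can name several indices; count it against each.
        for index in event.get("indices", []):
            report[index][(user, outcome)] += 1
    return report


if __name__ == "__main__":
    for index, counts in sorted(access_by_index(SAMPLE.splitlines()).items()):
        for (user, outcome), n in sorted(counts.items()):
            print(f"{index}\t{user}\t{outcome}\t{n}")
```

Denied requests are counted alongside granted ones, since repeated `access_denied` events against one index are usually the more interesting signal.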

Thanks!
