Where audit logger methods are called

where clientWrapper in kibana calls methods like this

public async update<T extends SavedObjectAttributes>(
   type: string,
   id: string,
   attributes: Partial<T>,
   options: SavedObjectsUpdateOptions = {}
 ) {
   await this.ensureAuthorized(type, 'update', options.namespace, {

   return await this.baseClient.update(type, id, attributes, options);

in this path : (x-pack / plugins / security / server / savedobject / SecureSavedObjectsClientWrapper )

in other words how and where user activities are logged in kibana ?

Hi @houshmand1996,

You can learn more about the Kibana audit logs here: https://www.elastic.co/guide/en/kibana/current/xpack-security-audit-logging.html. They are disabled by default and include steps to enable it.

hi thanks for your response
but i'm not looking for enabling audit logging what's i'm actually looking for is how this audit logging in security plugins works and how it logged every action that user made . i went through of codes each and every lines but i could not finds out about that .
if you knowing anything please let me now .

This happens within the same file as the code snippet above but within the ensureAuthorized function. You can look for this.auditLogger.savedObjectsAuthorizationSuccess and this.auditLogger.savedObjectsAuthorizationFailure calls.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.