Xpack.security.audit.outputs: [ index, logfile ] in 7.x?

retr0s · January 9, 2020, 2:39am

Hello,

Uptil 6.2 the security audits could be sent to an ES index by setting this line elasticsearch.yml file

xpack.security.audit.outputs: [ index, logfile ]

https://www.elastic.co/guide/en/x-pack/current/auditing.html#audit-log-settings

In 7.x the audit logs can be only written to clustername_audit.json or console.

My question is how can the audit logs be sent to an ES index, just like 6.2? Is there any such option anymore?

Thanks!

system · February 6, 2020, 2:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to index Elasticsearch security audit events in 7.0? Elasticsearch	1	312	May 17, 2019
Audit Log index Elasticsearch	1	383	February 19, 2019
Audit logs on ES 7.16.3 Elasticsearch elastic-stack-security	3	423	March 14, 2022
Enabling audit in 6.3.0 writes to <cluster>.log not to <cluster>_access.log Elasticsearch	3	584	September 11, 2018
Audit logs doc error or I'm confused Elasticsearch elastic-stack-security	2	384	April 23, 2019