|
|
@@ -22,14 +22,13 @@ file named `<clustername>_audit.log` on each node.
|
|
|
You can also specify `index`, which puts the auditing events in an {es} index
|
|
|
that is prefixed with `.security_audit_log`. The index can reside on the same
|
|
|
cluster or a separate cluster.
|
|
|
-
|
|
|
++
|
|
|
For backwards compatibility reasons, if you use the logfile output type, a
|
|
|
`<clustername>_access.log` file is also created. It contains the same
|
|
|
information, but it uses the older (pre-6.5.0) formatting style.
|
|
|
If the backwards compatible format is not required, it should be disabled.
|
|
|
To do that, change its logger level to `off` in the `log4j2.properties` file.
|
|
|
For more information, see <<configuring-logging-levels>>.
|
|
|
-
|
|
|
+
|
|
|
--
|
|
|
TIP: If the index is unavailable, it is possible for auditing events to
|
lcawl