
[DOCS] Rename auditing topic. Closes #49012 (#49013)

* [DOCS] Rename auditing topic. Closes #49012

* Fixed file name, fixed settings link.

* Add link to settings
debadair 5 years ago
parent
commit
82bc3f54eb

+ 7 - 1
docs/reference/redirects.asciidoc

@@ -921,11 +921,17 @@ See <<monitoring-overview>>.
 See <<monitor-elasticsearch-cluster>>.
 
 [role="exclude",id="docker-cli-run"]
+=== Docker Run
 
 See <<docker-cli-run-dev-mode>>.
 
+[role="exclude",id="auditing"]
+=== Audit logging
+
+See <<enable-audit-logging>>.
+
 [role="exclude",id="analysis-compound-word-tokenfilter"]
 === Compound word token filters
 
 See <<analysis-dict-decomp-tokenfilter>> and
-<<analysis-hyp-decomp-tokenfilter>>.
+<<analysis-hyp-decomp-tokenfilter>>.
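
Review bot: The `=== Docker Run` heading added under `[role="exclude",id="docker-cli-run"]` is unrelated to the auditing rename and is not mentioned in the commit message; call it out there as a drive-by fix or move it to its own change. The final `-`/`+` pair on `<<analysis-hyp-decomp-tokenfilter>>.` shows no visible text difference, so it looks like a whitespace or end-of-file newline change that could be dropped from this patch. The new `[role="exclude",id="auditing"]` block is the part this change needs, since it keeps the old `auditing` ID resolvable after the topic is renamed.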

+ 3 - 3
docs/reference/settings/audit-settings.asciidoc

@@ -5,8 +5,8 @@
 <titleabbrev>Auditing settings</titleabbrev>
 ++++
 
-All of these settings can be added to the `elasticsearch.yml` configuration
-file. For more information, see <<auditing>>.
+You configure security auditing settings in the `elasticsearch.yml` configuration file
+on each node in the cluster. For more information, see <<enable-audit-logging>>.
 
 [[general-audit-settings]]
 ==== General Auditing Settings
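
Review bot: The rewritten intro line `You configure security auditing settings in the `elasticsearch.yml` configuration file` runs well past the wrap column used by the two lines it replaces; rewrap it to match the rest of the file. Since the text now says the file is edited "on each node in the cluster", consider also stating here that a restart is needed, as the new enable-audit-logging topic does in its second step, so a reader who lands on the settings page first does not miss it.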
@@ -14,7 +14,7 @@ file. For more information, see <<auditing>>.
 `xpack.security.audit.enabled`::
 Set to `true` to enable auditing on the node. The default value is `false`.
 This puts the auditing events in a dedicated file named `<clustername>_audit.json`
-on each node. For more information, see <<configuring-logging-levels>>.
+on each node. 
 
 [[event-audit-settings]]
 ==== Audited Event Settings
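
Review bot: Removing `For more information, see <<configuring-logging-levels>>.` from the `xpack.security.audit.enabled` entry drops the only pointer from this setting to how the audit file's logging is configured, and the commit message does not say why. If the target was wrong or obsolete, say so in the message or replace it with the correct reference. The replacement line `on each node. ` also leaves a trailing space that should be removed.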

+ 24 - 0
x-pack/docs/en/security/auditing/enable-audit-logging.asciidoc

@@ -0,0 +1,24 @@
+[role="xpack"]
+[[enable-audit-logging]]
+== Enabling audit logging
+
+You can log security-related events such as authentication failures and refused connections
+to monitor your cluster for suspicious activity. 
+Audit logging also provides forensic evidence in the event of an attack.
+
+[IMPORTANT]
+============================================================================
+Audit logs are **disabled** by default. You must explicitly enable audit logging.
+============================================================================
+
+To enable enable audit logging:
+
+. Set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
+. Restart {es}.
+
+When audit logging is enabled, <<audit-event-types, security events>> are persisted to 
+a dedicated `<clustername>_audit.json` file on the host's file system (on each node).
+
+You can configure additional options to control what events are logged and 
+what information is included in the audit log. 
+For more information, see <<auditing-settings>>.
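
Review bot: The numbered steps do not say that `xpack.security.audit.enabled` must be set on every node, even though the paragraph after them says the `<clustername>_audit.json` file is written "on each node" and the settings page describes the flag as enabling auditing "on the node". A reader who follows the steps on one node only ends up with an audit trail that has gaps, so step 1 should read along the lines of "on each node, set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`", and step 2 should say to restart each node. Separately, `To enable enable audit logging:` has a duplicated word, and several added lines (after "suspicious activity.", "persisted to", "logged and", "audit log.") end in trailing whitespace.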

+ 1 - 1
x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -2,7 +2,7 @@
 [[audit-event-types]]
 === Audit event types
 
-When you are <<auditing,auditing security events>>, each request can generate
+When you are <<enable-audit-logging,auditing security events>>, each request can generate
 multiple audit events.
 
 The following is a list of the events that can be generated:

+ 1 - 1
x-pack/docs/en/security/auditing/index.asciidoc

@@ -1,4 +1,4 @@
-include::overview.asciidoc[]
+include::enable-audit-logging.asciidoc[]
 
 include::event-types.asciidoc[]
 

+ 0 - 17
x-pack/docs/en/security/auditing/overview.asciidoc

@@ -1,17 +0,0 @@
-[role="xpack"]
-[[auditing]]
-== Auditing security events
-
-You can enable auditing to keep track of security-related events such as
-authentication failures and refused connections. Logging these events enables you
-to monitor your cluster for suspicious activity and provides evidence in the
-event of an attack.
-
-[IMPORTANT]
-============================================================================
-Audit logs are **disabled** by default. To enable this functionality, you
-must set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
-============================================================================
-
-The audit log persists events to a dedicated `<clustername>_audit.json` file on
-the host's file system (on each node).
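
Review bot: Deleting this file removes the `[[auditing]]` anchor, so any `<<auditing>>` cross-reference left elsewhere in the docs will fail to resolve. This patch updates the two references visible here (in `audit-settings.asciidoc` and `event-types.asciidoc`) and adds a redirect entry for the old ID, but it is worth confirming with a search of the docs tree that no other `<<auditing>>` or `<<auditing,...>>` references remain before merging.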