Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 82bc3f54eb
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
auditing
/
enable-audit-logging.asciidoc

enable-audit-logging.asciidoc 1001 B
History Raw

123456789101112131415161718192021222324 
  1. [role="xpack"]
    2. 

  2. [[enable-audit-logging]]
    3. 

  3. == Enabling audit logging
    4. 

  4. 

  5. You can log security-related events such as authentication failures and refused connections
    6. 

  6. to monitor your cluster for suspicious activity. 
    7. 

  7. Audit logging also provides forensic evidence in the event of an attack.
    8. 

  8. 

  9. [IMPORTANT]
    10. 

  10. ============================================================================
    11. 

  11. Audit logs are **disabled** by default. You must explicitly enable audit logging.
    12. 

  12. ============================================================================
    13. 

  13. 

  14. To enable enable audit logging:
    15. 

  15. 

  16. . Set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
    17. 

  17. . Restart {es}.
    18. 

  18. 

  19. When audit logging is enabled, <<audit-event-types, security events>> are persisted to 
    20. 

  20. a dedicated `<clustername>_audit.json` file on the host's file system (on each node).
    21. 

  21. 

  22. You can configure additional options to control what events are logged and 
    23. 

  23. what information is included in the audit log. 
    24. 

  24. For more information, see <<auditing-settings>>.
    25.