Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 8dd563134c
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
auditing
/
enable-audit-logging.asciidoc

enable-audit-logging.asciidoc 1.2 KB
History Raw

12345678910111213141516171819202122232425262728293031 
  1. [role="xpack"]
    2. 

  2. [[enable-audit-logging]]
    3. 

  3. == Enable audit logging
    4. 

  4. 

  5. You can log security-related events such as authentication failures and refused connections
    6. 

  6. to monitor your cluster for suspicious activity (including data access authorization and user
    7. 

  7. security configuration changes).
    8. 

  8. 

  9. Audit logging also provides forensic evidence in the event of an attack.
    10. 

  10. 

  11. [IMPORTANT]
    12. 

  12. ============================================================================
    13. 

  13. Audit logs are **disabled** by default. You must explicitly enable audit logging.
    14. 

  14. ============================================================================
    15. 

  15. --
    16. 

  16. TIP: Audit logs are only available on certain subscription levels.
    17. 

  17. For more information, see {subscriptions}.
    18. 

  18. --
    19. 

  19. 

  20. To enable audit logging:
    21. 

  21. 

  22. . Set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
    23. 

  23. . Restart {es}.
    24. 

  24. 

  25. When audit logging is enabled, <<audit-event-types, security events>> are persisted to
    26. 

  26. a dedicated `<clustername>_audit.json` file on the host's file system, on every cluster node.
    27. 

  27. For more information, see <<audit-log-output>>.
    28. 

  28. 

  29. You can configure additional options to control what events are logged and
    30. 

  30. what information is included in the audit log.
    31. 

  31. For more information, see <<auditing-settings>>.
    32.