Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b8d85cf6a8
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
auditing
/
overview.asciidoc

overview.asciidoc 744 B
History Raw

1234567891011121314151617 
  1. [role="xpack"]
    2. 

  2. [[auditing]]
    3. 

  3. == Auditing security events
    4. 

  4. 

  5. You can enable auditing to keep track of security-related events such as
    6. 

  6. authentication failures and refused connections. Logging these events enables you
    7. 

  7. to monitor your cluster for suspicious activity and provides evidence in the
    8. 

  8. event of an attack.
    9. 

  9. 

  10. [IMPORTANT]
    11. 

  11. ============================================================================
    12. 

  12. Audit logs are **disabled** by default. To enable this functionality, you
    13. 

  13. must set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
    14. 

  14. ============================================================================
    15. 

  15. 

  16. The audit log persists events to a dedicated `<clustername>_audit.json` file on
    17. 

  17. the host's file system (on each node).
    18.