Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate index audit output type #37301

Closed
wants to merge 2 commits into from
Closed

Deprecate index audit output type #37301

wants to merge 2 commits into from

Conversation

albertzaharovits
Copy link
Contributor

This PR deprecates the index audit output.
In general, the problem with it is that event indexing can be slower than the rate with which audit events are generated, especially during the daily rollovers or the rolling cluster upgrades. In this situation audit events will be lost which is a terrible failure case for an audit system.

I will follow-up with the removal PR for 7.0 .

Relates #29881

CC @ycombinator

@albertzaharovits albertzaharovits self-assigned this Jan 10, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@ycombinator
Copy link
Contributor

The beats work to handle this deprecation is close to being done: elastic/beats#8852

jaymode
jaymode approved these changes Jan 11, 2019
View reviewed changes
Copy link
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jaymode
jaymode requested changes Jan 11, 2019
View reviewed changes
Copy link
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I was too quick with the LGTM. This should also add a check in NodeDeprecationChecks

@albertzaharovits
Copy link
Contributor Author

albertzaharovits commented Jan 13, 2019
edited

Ah, right.
I was planning to add this in the follow-up 7.0 PR that actually removes the output type because the deprecation check will be admonishing that the output type has been removed. But the 7.0 PR does not touch the 6.x branch, yet the check has to sit in 6.x. I will add the check.

@albertzaharovits albertzaharovits changed the base branch from master to 6.x January 20, 2019 11:27
@albertzaharovits albertzaharovits changed the base branch from 6.x to master January 20, 2019 11:27
@albertzaharovits albertzaharovits mentioned this pull request Jan 21, 2019
Merged
@albertzaharovits
Copy link
Contributor Author

@jaymode I went for a new PR to add the NodeDeprecationChecks. The files for these are only stubs in master so I guess the idiomatic way to add these is a 6.x PR which I have opened here #37671 . I will follow with a master only PR to remove the output altogether and add the /migration/migrate_7_0/settings.asciidoc notice.

@albertzaharovits albertzaharovits deleted the deprecate_index_audit branch January 22, 2019 11:15
@albertzaharovits albertzaharovits mentioned this pull request Jan 22, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaymode jaymode jaymode requested changes

@tvernum tvernum Awaiting requested review from tvernum

@lcawl lcawl Awaiting requested review from lcawl

Assignees

@albertzaharovits albertzaharovits

Labels
>deprecation :Security/Audit X-Pack Audit logging v6.7.0 v7.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@albertzaharovits @elasticmachine @ycombinator @jaymode @colings86