-
Notifications
You must be signed in to change notification settings - Fork 24.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
* [DOCS] Rename auditing topic. Closes #49012 * Fixed file name, fixed settings link. * Add link to settings
- Loading branch information
Showing
6 changed files
with
36 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
x-pack/docs/en/security/auditing/enable-audit-logging.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
[role="xpack"] | ||
[[enable-audit-logging]] | ||
== Enabling audit logging | ||
|
||
You can log security-related events such as authentication failures and refused connections | ||
to monitor your cluster for suspicious activity. | ||
Audit logging also provides forensic evidence in the event of an attack. | ||
|
||
[IMPORTANT] | ||
============================================================================ | ||
Audit logs are **disabled** by default. You must explicitly enable audit logging. | ||
============================================================================ | ||
|
||
To enable enable audit logging: | ||
|
||
. Set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`. | ||
. Restart {es}. | ||
|
||
When audit logging is enabled, <<audit-event-types, security events>> are persisted to | ||
a dedicated `<clustername>_audit.json` file on the host's file system (on each node). | ||
|
||
You can configure additional options to control what events are logged and | ||
what information is included in the audit log. | ||
For more information, see <<auditing-settings>>. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
include::overview.asciidoc[] | ||
include::enable-audit-logging.asciidoc[] | ||
|
||
include::event-types.asciidoc[] | ||
|
||
|
This file was deleted.
Oops, something went wrong.