[DOCS] Rename auditing topic. Closes #49012 (#49013)

* [DOCS] Rename auditing topic. Closes #49012 * Fixed file name, fixed settings link. * Add link to settings
elastic · Nov 14, 2019 · 82bc3f5 · 82bc3f5
1 parent b8d85cf
commit 82bc3f5
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 23 deletions.
diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc
@@ -921,11 +921,17 @@ See <<monitoring-overview>>.
 See <<monitor-elasticsearch-cluster>>.
 
 [role="exclude",id="docker-cli-run"]
+=== Docker Run
 
 See <<docker-cli-run-dev-mode>>.
 
+[role="exclude",id="auditing"]
+=== Audit logging
+
+See <<enable-audit-logging>>.
+
 [role="exclude",id="analysis-compound-word-tokenfilter"]
 === Compound word token filters
 
 See <<analysis-dict-decomp-tokenfilter>> and
-<<analysis-hyp-decomp-tokenfilter>>.
+<<analysis-hyp-decomp-tokenfilter>>.
diff --git a/docs/reference/settings/audit-settings.asciidoc b/docs/reference/settings/audit-settings.asciidoc
@@ -5,16 +5,16 @@
 <titleabbrev>Auditing settings</titleabbrev>
 ++++
 
-All of these settings can be added to the `elasticsearch.yml` configuration
-file. For more information, see <<auditing>>.
+You configure security auditing settings in the `elasticsearch.yml` configuration file
+on each node in the cluster. For more information, see <<enable-audit-logging>>.
 
 [[general-audit-settings]]
 ==== General Auditing Settings
 
 `xpack.security.audit.enabled`::
 Set to `true` to enable auditing on the node. The default value is `false`.
 This puts the auditing events in a dedicated file named `<clustername>_audit.json`
-on each node. For more information, see <<configuring-logging-levels>>.
+on each node. 
 
 [[event-audit-settings]]
 ==== Audited Event Settings

diff --git a/x-pack/docs/en/security/auditing/enable-audit-logging.asciidoc b/x-pack/docs/en/security/auditing/enable-audit-logging.asciidoc
@@ -0,0 +1,24 @@
+[role="xpack"]
+[[enable-audit-logging]]
+== Enabling audit logging
+
+You can log security-related events such as authentication failures and refused connections
+to monitor your cluster for suspicious activity. 
+Audit logging also provides forensic evidence in the event of an attack.
+
+[IMPORTANT]
+============================================================================
+Audit logs are **disabled** by default. You must explicitly enable audit logging.
+============================================================================
+
+To enable enable audit logging:
+
+. Set `xpack.security.audit.enabled` to `true` in `elasticsearch.yml`.
+. Restart {es}.
+
+When audit logging is enabled, <<audit-event-types, security events>> are persisted to 
+a dedicated `<clustername>_audit.json` file on the host's file system (on each node).
+
+You can configure additional options to control what events are logged and 
+what information is included in the audit log. 
+For more information, see <<auditing-settings>>.
diff --git a/x-pack/docs/en/security/auditing/event-types.asciidoc b/x-pack/docs/en/security/auditing/event-types.asciidoc
@@ -2,7 +2,7 @@
 [[audit-event-types]]
 === Audit event types
 
-When you are <<auditing,auditing security events>>, each request can generate
+When you are <<enable-audit-logging,auditing security events>>, each request can generate
 multiple audit events.
 
 The following is a list of the events that can be generated:

diff --git a/x-pack/docs/en/security/auditing/index.asciidoc b/x-pack/docs/en/security/auditing/index.asciidoc
@@ -1,4 +1,4 @@
-include::overview.asciidoc[]
+include::enable-audit-logging.asciidoc[]
 
 include::event-types.asciidoc[]
 

diff --git a/x-pack/docs/en/security/auditing/overview.asciidoc b/x-pack/docs/en/security/auditing/overview.asciidoc