Log4j audit logger

peter82 · November 25, 2021, 10:52am

I am trying to configure separate audit log file, how should I configure log4j logger name? Root logger, without this custom part works and audit logs appear in regular log file, but we want to keep it separate.

logger.sgaudit.name = com.floragunn.searchguard.auditlog
logger.sgaudit.level = info
logger.sgaudit.appenderRef.audit_rolling.ref = audit_rolling
logger.sgaudit.additivity = false

current output of audit file:
{“type”:“audit”, “timestamp”:“2021-11-25T11:29:58,018+0100”}
{“type”:“audit”, “timestamp”:“2021-11-25T11:29:58,021+0100”}
{“type”:“audit”, “timestamp”:“2021-11-25T11:29:58,021+0100”}
{“type”:“audit”, “timestamp”:“2021-11-25T11:29:58,021+0100”}

peter82 · November 25, 2021, 2:17pm

My mistake, appender audit_rolling had misconfigured layout pattern, so after I fixed it, my json logs started to appear in the audit log.

elasticsearch.yml:

searchguard.audit.type: "log4j"
searchguard.audit.config.log4j.logger_name: sgaudit
searchguard.audit.config.log4j.level: INFO

log4j:

logger.sgaudit.name = sgaudit
logger.sgaudit.appenderRef.audit_rolling.ref = audit_rolling
logger.sgaudit.additivity = false

system · December 16, 2021, 2:17pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Would like to separate out SG logs from ES logs. Search Guard	6	553	April 22, 2018
Setting the logging level to debug doesn't work for me Search Guard	2	380	August 4, 2017
Search guard doing compliance check for each index causing huge delay in ES restart Search Guard	21	1606	January 6, 2020
No known master node Search Guard	8	2034	May 20, 2019
My deployment and strategic configuration for SG, I hope to help you Search Guard	3	381	September 15, 2015

Log4j audit logger

Related Topics