Question about Auditlog Setup

mchakradeo · February 4, 2020, 9:47pm

Hello,

I wanted to try out the Searchguard audit feature.
I do see login level audit logs, but not READ request level audit logs.

Here are my configs specific to audit settings:

Elasticsearch.yml:

searchguard.audit.type: debug
searchguard.compliance.history.read.watched_fields:
    - "*"

Versions:
Elasticsearch Nodes: 7.4.0
Kibana: 7.4.0
SG plugin: 7.4.0-36.2.0

Can someone help with this?
Thank you.

hsaly · February 18, 2020, 9:55am

It should be look more like:

searchguard.audit.type: debug
searchguard.compliance.history.read.watched_fields:
    - "*,*"

(First wildcard means: all indices, second means all fields)

system · March 10, 2020, 9:55am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditing responses? Search Guard	4	427	June 7, 2019
Read History Audit Logging - blacklisting indices Search Guard	1	382	April 19, 2018
Query logs-* with rights only on logs-user1-* ? Search Guard	10	414	August 2, 2018
Problem with filtering fields in index using field level security Search Guard	3	346	September 24, 2018
User unable to view streaming logs in Kibana Search Guard	3	344	August 27, 2020