[[enable-auditing]]
=== Enable Auditing

When you enable auditing, Shield stores a record of attempted and successful interactions with
your Elasticsearch cluster. You can use this information to keep track of who is doing what to
your cluster and identify potential security issues.

To enable auditing, add the following setting to `elasticsearch.yml`:

[source,yaml]
----------------------------
shield.audit.enabled: true
----------------------------

By default, events are logged to a dedicated `elasticsearch-access.log` file in `ES_HOME/logs`. You can also store the events in an Elasticsearch index for easier analysis and control what events
are logged. For more information, see <<configuring-auditing, Configuring Auditing>>.
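A setting that is commented out, set to `false`, or written in nested YAML form is easy to misread when reviewing `elasticsearch.yml` by eye. The check below is an added example, not part of the Shield documentation: it assumes a simplified YAML subset (indented mappings and scalar values only), treats only the literal `true` as enabled, and the function names `flatten_settings` and `audit_enabled` are hypothetical.

```python
import re
import sys


def flatten_settings(yaml_text):
    """Flatten simple nested YAML mappings into dotted setting names.

    Assumption: the file uses only mappings and scalar values, so both
    'shield.audit.enabled: true' and the nested shield/audit/enabled
    form resolve to the same dotted key.
    """
    settings = {}
    stack = []  # (indent, key) for each currently open parent mapping
    for raw in yaml_text.splitlines():
        # Drop whole-line and trailing comments so a commented-out
        # setting is never counted as active.
        line = re.sub(r"\s+#.*$|^\s*#.*$", "", raw).rstrip()
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        # Close parent mappings that this line is not nested under.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            settings[path] = value
        else:
            stack.append((indent, key.strip()))
    return settings


def audit_enabled(yaml_text):
    """Return True only if shield.audit.enabled is explicitly 'true'."""
    value = flatten_settings(yaml_text).get("shield.audit.enabled", "")
    return value.lower() == "true"


if __name__ == "__main__":
    # Usage: python check_audit.py /path/to/elasticsearch.yml
    with open(sys.argv[1], encoding="utf-8") as fh:
        enabled = audit_enabled(fh.read())
    print("auditing enabled" if enabled else "auditing NOT enabled")
    sys.exit(0 if enabled else 1)
```

The non-zero exit status when auditing is not enabled lets the check run as a gate in configuration management or CI for each node's configuration file.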