OpenSearch/shield/docs/public/getting-started/enable-auditing.asciidoc

18 lines
740 B
Plaintext
Raw Normal View History

[[enable-auditing]]
=== Enable Auditing
When you enable auditing, Shield stores a record of attempted and successful interactions with
your Elasticsearch cluster. You can use this information to keep track of who is doing what to
your cluster and identify potential security issues.
To enable auditing, add the following setting to `elasticsearch.yml`:
[source,yaml]
----------------------------
shield.audit.enabled: true
----------------------------
By default, events are logged to a dedicated `elasticsearch-access.log` file in `ES_HOME/logs`. You can also store the events in an Elasticsearch index for easier analysis and control what events
are logged. For more information, see <<configuring-auditing, Configuring Auditing>>.