diff --git a/qa/pom.xml b/qa/pom.xml
index a2e3b1d0dbf..7bff7f17887 100644
--- a/qa/pom.xml
+++ b/qa/pom.xml
@@ -322,6 +322,7 @@
         <module>shield-example-realm</module>
         <module>shield-tribe-node-tests</module>
         <module>shield-client-tests</module>
+        <module>shield-audit-tests</module>
     </modules>
 
     <profiles>
diff --git a/qa/shield-audit-tests/integration-tests.xml b/qa/shield-audit-tests/integration-tests.xml
new file mode 100644
index 00000000000..24ee45c2cdc
--- /dev/null
+++ b/qa/shield-audit-tests/integration-tests.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<!--
+  ~ ELASTICSEARCH CONFIDENTIAL
+  ~ __________________
+  ~
+  ~  [2014] Elasticsearch Incorporated. All Rights Reserved.
+  ~
+  ~ NOTICE:  All information contained herein is, and remains
+  ~ the property of Elasticsearch Incorporated and its suppliers,
+  ~ if any.  The intellectual and technical concepts contained
+  ~ herein are proprietary to Elasticsearch Incorporated
+  ~ and its suppliers and may be covered by U.S. and Foreign Patents,
+  ~ patents in process, and are protected by trade secret or copyright law.
+  ~ Dissemination of this information or reproduction of this material
+  ~ is strictly forbidden unless prior written permission is obtained
+  ~ from Elasticsearch Incorporated.
+  -->
+
+<project name="shield-client-tests"
+         xmlns:ac="antlib:net.sf.antcontrib">
+
+    <import file="${elasticsearch.integ.antfile.default}"/>
+
+    <!-- redefined to work with auth -->
+    <macrodef name="waitfor-elasticsearch">
+        <attribute name="port"/>
+        <attribute name="timeoutproperty"/>
+        <sequential>
+            <echo>Waiting for elasticsearch to become available on port @{port}...</echo>
+            <waitfor maxwait="30" maxwaitunit="second"
+                     checkevery="500" checkeveryunit="millisecond"
+                     timeoutproperty="@{timeoutproperty}">
+                <socket server="127.0.0.1" port="@{port}"/>
+            </waitfor>
+        </sequential>
+    </macrodef>
+
+    <target name="start-external-cluster-with-plugin" depends="setup-workspace">
+        <ac:for list="${xplugins.list}" param="xplugin.name">
+            <sequential>
+                <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
+                    <condition>
+                        <not>
+                            <available file="${integ.deps}/plugins/@{xplugin.name}-${elasticsearch.version}.zip" />
+                        </not>
+                    </condition>
+                </fail>
+            </sequential>
+        </ac:for>
+
+        <ac:for param="file">
+            <path>
+                <fileset dir="${integ.deps}/plugins"/>
+            </path>
+            <sequential>
+                <local name="plugin.name"/>
+                <convert-plugin-name file="@{file}" outputproperty="plugin.name"/>
+                <install-plugin name="${plugin.name}" file="@{file}"/>
+            </sequential>
+        </ac:for>
+
+        <local name="home"/>
+        <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
+
+        <echo>Adding shield users...</echo>
+        <run-script script="${home}/bin/shield/esusers">
+            <nested>
+                <arg value="useradd"/>
+                <arg value="test_user"/>
+                <arg value="-p"/>
+                <arg value="changeme"/>
+                <arg value="-r"/>
+                <arg value="admin"/>
+            </nested>
+        </run-script>
+
+        <startup-elasticsearch>
+            <additional-args>
+                <arg value="-Des.shield.audit.enabled=true"/>
+                <arg value="-Des.shield.audit.outputs=index"/>
+            </additional-args>
+        </startup-elasticsearch>
+
+        <echo>Checking we can connect with basic auth on port ${integ.http.port}...</echo>
+        <local name="temp.file"/>
+        <tempfile property="temp.file" destdir="${java.io.tmpdir}"/>
+        <get src="http://127.0.0.1:${integ.http.port}" dest="${temp.file}"
+             username="test_user" password="changeme" verbose="true" retries="10"/>
+    </target>
+</project>
diff --git a/qa/shield-audit-tests/pom.xml b/qa/shield-audit-tests/pom.xml
new file mode 100644
index 00000000000..359a9858755
--- /dev/null
+++ b/qa/shield-audit-tests/pom.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>x-plugins-qa</artifactId>
+        <groupId>org.elasticsearch.qa</groupId>
+        <version>3.0.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>shield-audit-tests</artifactId>
+    <name>QA: Shield index audit tests</name>
+    <description>Tests the Shield Index Audit that works in a cluster properly</description>
+
+
+    <properties>
+        <skip.unit.tests>true</skip.unit.tests>
+        <tests.rest.load_packaged>false</tests.rest.load_packaged>
+        <elasticsearch.integ.antfile>${project.basedir}/integration-tests.xml</elasticsearch.integ.antfile>
+        <xplugins.list>license,shield</xplugins.list>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.elasticsearch.plugin</groupId>
+            <artifactId>shield</artifactId>
+            <version>${elasticsearch.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>integ-setup-dependencies</id>
+                        <phase>pre-integration-test</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${skip.integ.tests}</skip>
+                            <useBaseVersion>true</useBaseVersion>
+                            <outputDirectory>${integ.deps}/plugins</outputDirectory>
+
+                            <artifactItems>
+                                <!-- elasticsearch distribution -->
+                                <artifactItem>
+                                    <groupId>org.elasticsearch.distribution.zip</groupId>
+                                    <artifactId>elasticsearch</artifactId>
+                                    <version>${elasticsearch.version}</version>
+                                    <type>zip</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>${integ.deps}</outputDirectory>
+                                </artifactItem>
+
+                                <!-- commercial plugins -->
+                                <artifactItem>
+                                    <groupId>org.elasticsearch.plugin</groupId>
+                                    <artifactId>license</artifactId>
+                                    <version>${elasticsearch.version}</version>
+                                    <type>zip</type>
+                                    <overWrite>true</overWrite>
+                                </artifactItem>
+
+                                <artifactItem>
+                                    <groupId>org.elasticsearch.plugin</groupId>
+                                    <artifactId>shield</artifactId>
+                                    <version>${elasticsearch.version}</version>
+                                    <type>zip</type>
+                                    <overWrite>true</overWrite>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- integration tests -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <executions>
+                    <!-- start up external cluster -->
+                    <execution>
+                        <id>integ-setup</id>
+                        <phase>pre-integration-test</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <ant antfile="${elasticsearch.integ.antfile}" target="start-external-cluster-with-plugin">
+                                    <property name="tests.jvm.argline" value="${tests.jvm.argline}"/>
+                                    <property name="plugins.dir" value="${plugins.dir}"/>
+                                    <property name="xplugins.list" value="${xplugins.list}"/>
+                                </ant>
+                            </target>
+                            <skip>${skip.integ.tests}</skip>
+                        </configuration>
+                    </execution>
+                    <!-- shut down external cluster -->
+                    <execution>
+                        <id>integ-teardown</id>
+                        <phase>post-integration-test</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <ant antfile="${elasticsearch.integ.antfile}" target="stop-external-cluster"/>
+                            </target>
+                            <skip>${skip.integ.tests}</skip>
+                        </configuration>
+                    </execution>
+                </executions>
+                <dependencies>
+                    <dependency>
+                        <groupId>ant-contrib</groupId>
+                        <artifactId>ant-contrib</artifactId>
+                        <version>1.0b3</version>
+                        <exclusions>
+                            <exclusion>
+                                <groupId>ant</groupId>
+                                <artifactId>ant</artifactId>
+                            </exclusion>
+                        </exclusions>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.ant</groupId>
+                        <artifactId>ant-nodeps</artifactId>
+                        <version>1.8.1</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java b/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java
new file mode 100644
index 00000000000..e76d3e01fbb
--- /dev/null
+++ b/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.shield.audit;
+
+import org.elasticsearch.action.search.SearchResponse;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.index.query.QueryBuilders;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.shield.ShieldPlugin;
+import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.test.rest.client.http.HttpResponse;
+import org.junit.Test;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+import static org.hamcrest.Matchers.greaterThan;
+import static org.hamcrest.Matchers.is;
+
+public class IndexAuditIT extends ESIntegTestCase {
+
+    private static final String USER = "test_user";
+    private static final String PASS = "changeme";
+
+    @Test
+    public void testShieldIndexAuditTrailWorking() throws Exception {
+        HttpResponse response = httpClient().path("/_cluster/health")
+                .addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))
+                .execute();
+        assertThat(response.getStatusCode(), is(200));
+
+        boolean found = awaitBusy(() -> {
+            if (client().admin().cluster().prepareState().get().getState().getMetaData().getIndices().size() < 1) {
+                return false;
+            }
+            client().admin().indices().prepareRefresh().get();
+            return client().prepareSearch(".shield_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER)).get().getHits().totalHits() > 0;
+        }, 5L, TimeUnit.SECONDS);
+
+        assertThat(found, is(true));
+
+        SearchResponse searchResponse = client().prepareSearch(".shield_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER)).addField("principal").get();
+        assertThat(searchResponse.getHits().getHits().length, greaterThan(0));
+        assertThat((String) searchResponse.getHits().getAt(0).field("principal").getValue(), is(USER));
+
+    }
+
+    @Override
+    protected Settings externalClusterClientSettings() {
+        return Settings.builder()
+                .put("shield.user", USER + ":" + PASS)
+                .build();
+    }
+
+    @Override
+    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
+        return Collections.<Class<? extends Plugin>>singleton(ShieldPlugin.class);
+    }
+}