[DOCS] Replaced settings with links (elastic/x-pack-elasticsearch#3626)

Original commit: elastic/x-pack-elasticsearch@4ad018521e
Lisa Cawley 2018-01-22 15:15:31 -08:00 committed by GitHub
parent 10827033c5
commit c0edf2197b
1 changed files with 13 additions and 50 deletions

@ -304,7 +304,7 @@ The format of a log entry is:
`<local_node_info>` :: Information about the local node that generated `<local_node_info>` :: Information about the local node that generated
the log entry. You can control what node information the log entry. You can control what node information
is included by configuring the is included by configuring the
<<audit-log-entry-local-node-info, local node info settings>>. {ref}/auditing-settings.html#node-audit-settings[local node info settings].
`<layer>` :: The layer from which this event originated: `<layer>` :: The layer from which this event originated:
`rest`, `transport` or `ip_filter`. `rest`, `transport` or `ip_filter`.
`<entry_type>` :: The type of event that occurred: `anonymous_access_denied`, `<entry_type>` :: The type of event that occurred: `anonymous_access_denied`,
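Review bot: The new target in the `<local_node_info>` entry, `{ref}/auditing-settings.html#node-audit-settings`, lives outside this file, while the cross-reference it replaces (`<<audit-log-entry-local-node-info, ...>>`) pointed at an anchor defined in this same page. Please confirm that the `node-audit-settings` anchor is present in the reference docs on every branch this change is backported to, so the link does not land at the top of the settings page or on a missing fragment.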
@ -321,35 +321,13 @@ The format of a log entry is:
=== Logfile Output Settings === Logfile Output Settings
The events and some other information about what gets logged can be The events and some other information about what gets logged can be
controlled using settings in the `elasticsearch.yml` file. controlled using settings in the `elasticsearch.yml` file. See
{ref}/auditing-settings.html#event-audit-settings[Audited Event Settings] and
.Audited Event Settings {ref}/auditing-settings.html#node-audit-settings[Local Node Info Settings].
[cols="4,^2,4",options="header"]
|======
| Name | Default | Description
| `xpack.security.audit.logfile.events.include` | `access_denied`, `access_granted`, `anonymous_access_denied`, `authentication_failed`, `connection_denied`, `tampered_request`, `run_as_denied`, `run_as_granted` | Includes the specified events in the output.
| `xpack.security.audit.logfile.events.exclude` | | Excludes the specified events from the output.
| `xpack.security.audit.logfile.events.emit_request_body`| false | Include or exclude the request body from REST requests
on certain event types such as `authentication_failed`.
|======
IMPORTANT: No filtering is performed when auditing, so sensitive data may be IMPORTANT: No filtering is performed when auditing, so sensitive data may be
audited in plain text when including the request body in audit events. audited in plain text when including the request body in audit events.
[[audit-log-entry-local-node-info]]
.Local Node Info Settings
[cols="4,^2,4",options="header"]
|======
| Name | Default | Description
| `xpack.security.audit.logfile.prefix.emit_node_name` | true | Include or exclude the node's name
from the local node info.
| `xpack.security.audit.logfile.prefix.emit_node_host_address` | false | Include or exclude the node's IP address
from the local node info.
| `xpack.security.audit.logfile.prefix.emit_node_host_name` | false | Include or exclude the node's host name
from the local node info.
|======
[[logging-file]] [[logging-file]]
You can also configure how the logfile is written in the `log4j2.properties` You can also configure how the logfile is written in the `log4j2.properties`
file located in `CONFIG_DIR/x-pack`. By default, audit information is appended to the file located in `CONFIG_DIR/x-pack`. By default, audit information is appended to the
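Review bot: The IMPORTANT admonition about request bodies being audited in plain text is kept, but the table row that named `xpack.security.audit.logfile.events.emit_request_body` and its default of false is removed just above it, so the warning no longer says which setting it applies to. Suggest naming the setting in the admonition or in the new "See ..." sentence. This hunk also deletes the `[[audit-log-entry-local-node-info]]` anchor; worth a search for any remaining `<<audit-log-entry-local-node-info>>` references in other files.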
@ -450,19 +428,8 @@ in the `elasticsearch.yml` file:
xpack.security.audit.outputs: [ index, logfile ] xpack.security.audit.outputs: [ index, logfile ]
---------------------------- ----------------------------
.Audit Log Indexing Configuration For more configuration options, see
[options="header"] {ref}/auditing-settings.html#index-audit-settings[Audit Log Indexing Configuration Settings].
|======
| Attribute | Default Setting | Description
| `xpack.security.audit.index.bulk_size` | `1000` | Controls how many audit events are batched into a single write.
| `xpack.security.audit.index.flush_interval` | `1s` | Controls how often buffered events are flushed to the index.
| `xpack.security.audit.index.rollover` | `daily` | Controls how often to roll over to a new index:
`hourly`, `daily`, `weekly`, or `monthly`.
| `xpack.security.audit.index.events.include` | `anonymous_access_denied`, `authentication_failed`, `realm_authentication_failed`, `access_granted`, `access_denied`, `tampered_request`, `connection_granted`, `connection_denied`, `run_as_granted`, `run_as_denied` | The audit events to be indexed. See <<audit-event-types, Audit Entry Types>> for the complete list.
| `xpack.security.audit.index.events.exclude` | | The audit events to exclude from indexing.
| `xpack.security.audit.index.events.emit_request_body`| false | Include or exclude the request body from REST requests
on certain event types such as `authentication_failed`.
|======
IMPORTANT: No filtering is performed when auditing, so sensitive data may be IMPORTANT: No filtering is performed when auditing, so sensitive data may be
audited in plain text when including the request body in audit events. audited in plain text when including the request body in audit events.
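Review bot: The removed `xpack.security.audit.index.events.include` row carried the in-page pointer `<<audit-event-types, Audit Entry Types>>` for the complete event list, and the replacement sentence "For more configuration options, see ..." drops it. Suggest keeping that cross-reference in the new sentence so readers choosing which events to index can still reach the list from here. The IMPORTANT note that follows also no longer has `xpack.security.audit.index.events.emit_request_body` named anywhere near it.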
@ -487,18 +454,14 @@ xpack.security.audit.index.settings:
==== Forwarding Audit Logs to a Remote Cluster ==== Forwarding Audit Logs to a Remote Cluster
To index audit events to a remote Elasticsearch cluster, you configure To index audit events to a remote Elasticsearch cluster, you configure
the following `xpack.security.audit.index.client` settings. the following `xpack.security.audit.index.client` settings:
.Remote Audit Log Indexing Configuration * `xpack.security.audit.index.client.hosts`
[options="header"] * `xpack.security.audit.index.client.cluster.name`
|====== * `xpack.security.audit.index.client.xpack.security.user`
| Attribute | Description
| `xpack.security.audit.index.client.hosts` | Comma-separated list of `host:port` pairs. These hosts For more information about these settings, see
should be nodes in the remote cluster. {ref}/auditing-settings.html#remote-audit-settings[Remote Audit Log Indexing Configuration Settings].
| `xpack.security.audit.index.client.cluster.name` | The name of the remote cluster.
| `xpack.security.audit.index.client.xpack.security.user` | The `username:password` pair to use to authenticate with
the remote cluster.
|======
You can pass additional settings to the remote client by specifying them in the You can pass additional settings to the remote client by specifying them in the
`xpack.security.audit.index.client` namespace. For example, to allow the remote `xpack.security.audit.index.client` namespace. For example, to allow the remote
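Review bot: The bullet list that replaces the Remote Audit Log Indexing table names the three `xpack.security.audit.index.client` settings but drops the value formats the table gave: a comma-separated list of `host:port` pairs for `hosts`, and a `username:password` pair for `xpack.security.user`. Since the last of these puts a credential into `elasticsearch.yml`, suggest keeping a short description after each bullet so a reader sees what the value contains without following the link.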