Help Center> Cloud Search Service> FAQs> Cluster Management> Parameter Configuration> How Do I Enable the Audit Log Function for an Elasticsearch Cluster?
Updated on 2024-07-02 GMT+08:00
View PDF

How Do I Enable the Audit Log Function for an Elasticsearch Cluster?

Currently, CSS Elasticsearch clusters of the 7.6.2 and later versions support the audit log function. By default, this function is disabled.

The cluster must be a security cluster.

  1. Log in to the CSS management console.
  2. In the navigation pane, choose Clusters. The cluster list is displayed.
  3. Click the name of the target cluster to go to the cluster details page.
  4. In the navigation pane on the left, choose Parameter Configurations. Click Edit, expand the Customize parameter, and click Add.

    Set Key to opendistro_security.audit.type and Value to internal_elasticsearch.

    Figure 1 Configuring a custom parameter
  5. After the modification is complete, click Submit.In the displayed Submit Configuration dialog box, select the box indicating "I understand that the modification will take effect after the cluster is restarted." and click Yes.

    If the Status is Succeeded in the parameter modification list, the modification has been saved.

  6. Return to the cluster list and choose More > Restart in the Operation column to restart the cluster and make the modification take effect.
  7. After the cluster is restarted, click Access Kibana in the Operation column. On the displayed page, enter the username and password. The Dev Tools page is displayed.
  8. In the Console page, run the GET _cat/indices?v command. If there are indexes related to .*audit* index, the audit log function is enabled.
Parent topic: Parameter Configuration

Parameter Configuration FAQs

more