6

I opened a couple of client nodes with HTTP 9200 to serve Elasticsearch queries/indices. I want to log the access from clients via HTTP 9200, just like Apache HTTP has the access.log. How should I enable this in ES, please?

1 Answer

6

There's no such thing in Elasticsearch itself.

However, if you install the Shield plugin, you can enable auditing by adding this to your elasticsearch.yml configuration file.

shield.audit.enabled: true

You'll then get a new file called elasticsearch-access.log in your ES logs folder.

UPDATE by @lucabelluccini: Shield audit logs to syslog

In case you are interested in forwarding such audit logs to syslog, you can do so thanks to the log4j SyslogAppender class, which allows forwarding logs to syslog via a local socket.

Edit your logging.yml (customize the format etc...)

appender:
  syslog:
    type: org.apache.log4j.net.SyslogAppender
    syslogHost: localhost
    facility: local0
    layout:
      type: org.apache.log4j.PatternLayout
      conversionPattern: "%d{ISO8601} %t %p %c %M %m %n"

Ensure rsyslog configuration allows UDP sources.

Associate this appender to the shield audit topic.
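To check that audit events actually reach the collector, the following added example (not part of the original answer or of Shield) parses one datagram as emitted by the appender above: it verifies the `local0` facility from the syslog PRI and splits the fields of the `conversionPattern` shown. The sample datagrams, the logger name `audit.example` and the method name `log` are constructed placeholders; it assumes the appender's syslog header is left off, so the payload starts right after `<PRI>`.

```python
import re

LOCAL0 = 16  # syslog facility code for local0 (PRI = facility * 8 + severity)
LEVELS = "TRACE|DEBUG|INFO|WARN|ERROR|FATAL"

# <PRI> followed by the answer's pattern: %d{ISO8601} %t %p %c %M %m
# log4j 1.x renders ISO8601 as "2016-03-01 10:15:30,123".
# The thread name (%t) can contain spaces (node names may), so it is matched
# lazily up to the first level token instead of being split on whitespace.
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) "
    r"(?P<thread>.+?) (?P<level>" + LEVELS + r") "
    r"(?P<logger>\S+) (?P<method>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def parse_datagram(data, facility=LOCAL0):
    """Return the event fields as a dict, or None when the datagram does not
    come from the expected facility or does not follow the pattern."""
    text = data.decode("utf-8", errors="replace").rstrip("\r\n ")
    m = LINE.match(text)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191 or pri >> 3 != facility:  # 191 is the highest valid PRI
        return None
    event = m.groupdict()
    del event["pri"]
    event["severity"] = pri & 7  # low three bits of PRI
    return event

# Constructed sample datagrams (not captured from a real cluster).
SAMPLES = [
    # local0 (16 * 8) + severity 6 = 134, thread name containing a space
    b"<134>2016-03-01 10:15:30,123 elasticsearch[Node One][http][T#2] "
    b"INFO audit.example log constructed audit message \n",
    # facility "user" (1 * 8 + 6 = 14): not sent by the appender configured above
    b"<14>2016-03-01 10:15:31,456 main INFO audit.example log other source \n",
    # not in the expected format at all
    b"free-form text without a PRI",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_datagram(raw))
```
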
