Reputation: 5890
I opened a couple of client nodes with HTTP 9200 to serve ElasticSearch queries/indices. I wanna log the access from clients via HTTP 9200, just like Http-Apache has the access.log. How should I enable this in ES, please?
Upvotes: 6
Views: 11347
Reputation: 217564
There's no such thing in Elasticsearch itself.
However, if you install the Shield plugin, you can enable auditing by adding this to your elasticsearch.yml configuration file:

    shield.audit.enabled: true

You'll then get a new file called elasticsearch-access.log in your ES logs folder.
UPDATE by @lucabelluccini: Shield audit logs to syslog
In case you are interested in forwarding such audit logs to syslog, you can, thanks to the log4j SyslogAppender class, which allows forwarding logs to syslog via a local socket.
Edit your logging.yml (customize the format etc...)

    appender:
      syslog:
        type: org.apache.log4j.net.SyslogAppender
        syslogHost: localhost
        facility: local0
        layout:
          type: org.apache.log4j.PatternLayout
          conversionPattern: "%d{ISO8601} %t %p %c %M %m %n"

Ensure rsyslog configuration allows UDP sources.
Associate this appender to the shield audit topic.
Upvotes: 6
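The last two steps of the syslog update above (allowing UDP in rsyslog and attaching the appender to the Shield audit logger), written out as an added example that is not part of the original answer. It assumes the audit logger is named `shield.audit.logfile` and the existing file appender `access_log`, as in the logging.yml shipped with Shield; the rsyslog output path is a hypothetical placeholder.

```yaml
# logging.yml (Elasticsearch with Shield): added example, not the answer's own config.
# Assumption: logger name shield.audit.logfile and appender name access_log match
# the logging.yml installed with Shield; keep whatever names your file already uses.
logger:
  # Keep the existing file appender and attach the syslog appender next to it.
  shield.audit.logfile: INFO, access_log, syslog

additivity:
  # Stop audit events from also being copied into the main cluster log.
  shield.audit.logfile: false

appender:
  syslog:
    type: org.apache.log4j.net.SyslogAppender
    # SyslogAppender sends plain UDP (no authentication, no encryption, no
    # delivery guarantee), so point it at the local daemon only.
    syslogHost: localhost
    facility: local0
    layout:
      type: org.apache.log4j.PatternLayout
      conversionPattern: "%d{ISO8601} %t %p %c %M %m %n"

# rsyslog side (goes in the rsyslog configuration, rsyslog syntax, not YAML):
#   module(load="imudp")
#   input(type="imudp" port="514" address="127.0.0.1")   # listen on loopback only
#   local0.*  /var/log/elasticsearch-audit.log            # hypothetical path
```

Binding the UDP input to 127.0.0.1 keeps other hosts from injecting forged audit lines into the local0 facility.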