Versions (relevant - OpenSearch):
Describe the issue:
When applying audit log settings they do not take effect. See screenshot of the configuration not being applied. Its also worth pointing out i removed the ignore_users setting as it was throwing an error.
plugins.security.audit.config.ignore_users: - kibanaserver - filebeat
The work around is to use the UI to configure however this is not efficient for us as its an additional step following installation and every time we re-apply our code for configuration updates the configuration gets removed and requires re-applying via the UI.
Any help would be really appreciated to get this fixed.
plugins.security.audit.config.index: "security-auditlog-'YYYY.MM.dd'" plugins.security.audit.type: internal_opensearch plugins.security.allow_unsafe_democertificates: false plugins.security.allow_default_init_securityindex: false plugins.security.audit.config.enable_rest: true plugins.security.audit.config.enable_transport: true plugins.security.audit.config.log_request_body: true plugins.security.audit.config.resolve_indices: true plugins.security.audit.config.disabled_rest_categories: NONE plugins.security.audit.config.disabled_transport_categories: NONE
Relevant Logs or Screenshots: