Versions : OpenSearch 2.14
Describe the issue:
I removed all audit logs categories from the disabled categories in the GUI. So far, it works well. I would like that the audit.yml file also has the same configuration than the GUI, because if someone use the audit.yml file in the future to change settings using CLI, it might overwrite the settings that I did in the GUI.
The documentation state to use NONE in the audit.yml file but the formatting of the file in the documentation is not the same as in the audit.yml file and I don’t want to have problems. In the documentation, it seem to be a comma separated list, but in the file, it seems to be using dashes and new lines to separate options.
Documentation says to replace this:
plugins.security.audit.config.disabled_rest_categories: AUTHENTICATED, GRANTED_PRIVILEGES
plugins.security.audit.config.disabled_transport_categories: AUTHENTICATED, GRANTED_PRIVILEGES
By this:
plugins.security.audit.config.disabled_rest_categories: NONE
plugins.security.audit.config.disabled_transport_categories: NONE
But the file is in this format instead:
disabled_rest_categories:
- AUTHENTICATED
- GRANTED_PRIVILEGES
disabled_transport_categories:
- AUTHENTICATED
- GRANTED_PRIVILEGES
Should I use:
- NONE
Or should I leave it empty?
Or should I use : NONE
What’s the correct way to do this?
How should I modify my audit.yml file?
Thank you very much!
Konnan