Audit log success login

comijac · February 9, 2021, 3:46pm

I am using elk 7.10.0 with opendistro plugins : security, alerting, anomaly detector, and Audit log

For this last plugin is it possible to track successfull login : date, login … from security-auditlog-* index ?

I have seen event for failed_login but not for success_login.
I have not found such a possibility in the documents of security-auditlog-* index.

Anthony · February 17, 2021, 4:39pm

@comijac
The Audit logging configuration has been moved to kibana since 1.10.1, There is an option in the kibana GUI, under Security - Audit logs - REST disabled categories Remove any entries from there and you should start seeing AUTHENTICATED / GRANTED_PRIVILEGES events, There will be quite a few entries for the same login however, due to how it’s currently built, just to bare in mind.

Topic		Replies	Views
Audit Logs - Showing "FAILED_LOGIN" for successful login attempts Security	5	2669	September 30, 2020
Kibana Monitoring Logins Internal Users & LDAP Security	2	748	March 10, 2021
Audit Logs for OpenDistro Security	3	1147	February 18, 2021
Audit All user actions Security	2	589	May 5, 2021
Kibana Audit Logs Security	1	1387	March 8, 2021

Audit log success login

Related topics