Audit Logs for OpenDistro

Kain_Nillian · October 12, 2020, 11:23am

Hello,

The problem is the following. I have followed the instructions in Audit Logs - Open Distro Documentation
But it seems that this part does not work:

After this initial setup, you can use Kibana to manage your audit log categories and other settings. In Kibana, choose Security , Audit logs .

I do not have Audit Logs tab in Security window.
Also I am not able to find Audit Logs.

My elasticsearch.yml has this settings:
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.audit.config.index: “'elk-test-audit-'YYYY.MM.dd”
opendistro_security.audit.ignore_users: NONE
opendistro_security.audit.enable_rest: true
opendistro_security.audit.enable_transport: true

I am running OpenDistro version 1.7.0.0
Please help.

nickname1 · October 12, 2020, 2:26pm

The “Security, Audit logs” tab is only available from 1.10.1 version.

Kain_Nillian · October 13, 2020, 6:16am

Ok, thanks. But what about Audit Logs? I still don’t have AUTHENTICATED, GRANTED_PRIVILEGES, etc. logs?

Anthony · February 18, 2021, 9:01pm

@Kain_Nillian The below lines needs to be added to the elasticsearch file:

opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE

Hope this helps

Topic		Replies	Views
Kibana Audit Logs Security	1	1308	March 8, 2021
Use Audit Logging from Elasticsearch.yml Only? Security	2	438	March 15, 2021
Audit Logs - Showing "FAILED_LOGIN" for successful login attempts Security	5	2481	September 30, 2020
Kibana Monitoring Logins Internal Users & LDAP Security	2	698	March 10, 2021
Audit log success login Security	1	475	February 17, 2021

Audit Logs for OpenDistro

Related Topics