Kibana Audit Logs

khris_tian · August 12, 2020, 11:55am

Can anyone tell me if the kibana audit logs are also included in the security audit logs stored by opendistro when configuring elasticsearch.yml as per Audit Logs - Open Distro Documentation ?

X-pack documentation refers to kibana audit logs as a separate thing that need to be configured through kibana.yml (Audit logs | Kibana Guide [8.4] | Elastic). Is it the same with opendistro? Are they also only sent to stdout by default?

Or can I set opendistro_security.audit.type directly in kibana.yml?

My end goal is to store all audit logs to an external store, either Azure blob storage or Azure Log Analytics. I thing I may be able to achieve that using a custom log4j appender for the elasticsearch logs but I need to know if I need to find a way to also do this for kibana.

Thanks

Anthony · March 8, 2021, 10:43pm

@khris_tian which kibana audit log are you referring to? security plugin comes with audit log which is stored in separate index, external configuration is possible. This covers all access to kibana, protected indices etc. But I’m not sure what you mean by kibana audit log, is it the usual log from kibana?

Topic		Replies	Views
Use Audit Logging from Elasticsearch.yml Only? Security	2	484	March 15, 2021
Audit Logs for OpenDistro Security	3	1149	February 18, 2021
Audit Logs - Showing "FAILED_LOGIN" for successful login attempts Security	5	2702	September 30, 2020
OpenDistro Kibana Login Allowing any login Security	9	5674	May 27, 2020
Audit Log not working Security	1	1393	April 27, 2021

Kibana Audit Logs

Related topics