Hello friends! I need to collect audit information simultaneously in the index and external log file. If i write only to index:
plugins.security.audit.type: opensearch_internal
it’s work fine.
But if I want to write in the log4j configuration:
plugins.security.audit.type: opensearch_internal | log4j
then data collection stops working both in the internal index and an external file is not created. So not working log4j configuration only.
Help me please, have anyone a working config for my situation?
Is t necessary to add something to the config /etc/opensearch/log4j2.properties?
my config for opensearch.yaml:
plugins.security.audit.type: opensearch_internal | log4j
plugins.security.audit.config.log4j.logger_name: auditlogger
plugins.security.audit.config.log4j.level: INFO
Config of log4j2.properties is default.
In 1.x versions I tried this configuration and it worked, but on version 2.1-2.5 not.