Value of audit_node_host_address is the same as audit_request_remote_address in audit logs

Ondrej1 · February 21, 2023, 3:10pm

Hi,

Hi i turned on audit logging in opensearch and I would like to ask why value of audit_node_host_address is the same as audit_request_remote_address in audit logs. Is it caused by wrong configuration or i dont have missing plugins?

This is example of my aduit logs:

{
“_index” : “auditlog-example”,
“_id” : “u3gHdIYBb6OSp6DcmJph”,
“_score” : 1.0,
“_source” : {
“audit_cluster_name” : “cluster_name”,
“audit_transport_headers” : {
“_system_index_access_allowed” : “false”
},
“audit_node_name” : “node_name”,
“audit_trace_task_id” : “9h2UnFxdTVyOXI4TCgoqrg:2074017”,
“audit_transport_request_type” : “GetIndexRequest”,
“audit_category” : “INDEX_EVENT”,
“audit_request_origin” : “REST”,
“audit_node_id” : “9h2UnFxdTVyOXI4TCgoqrg”,
“audit_request_layer” : “TRANSPORT”,
“@timestamp” : “2023-02-21T12:51:40.255+00:00”,
“audit_format_version” : 4,
“audit_request_remote_address” : “10.89.0.105”,
“audit_request_privilege” : “indices:admin/get”,
“audit_node_host_address” : “10.89.0.105”,
“audit_request_effective_user” : “admin”,
“audit_trace_indices” : [
“*”
],
“audit_trace_resolved_indices” : [
],
“audit_node_host_name” : “10.89.0.105”
}
}

Thanks for helping.

system · April 22, 2023, 3:10pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Opensearch Audit log issue OpenSearch troubleshoot , feature-request	5	288	November 10, 2023
Audit log not getting OpenSearch	8	355	November 17, 2023
Logstash OpenSearch plugin making lots of get and put requests OpenSearch discuss	1	157	October 17, 2023
Remote cluster between es and opensearch OpenSearch troubleshoot	10	359	April 6, 2023
Kibana Cross Cluster Search Open Source Elasticsearch and Kibana	4	1924	October 22, 2021

Value of audit_node_host_address is the same as audit_request_remote_address in audit logs

Related Topics