Skip to content

[DOCS] [7.8] Update audit-settings.asciidoc (#61610) #61648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lockewritesdocs merged 1 commit into from
Aug 27, 2020
Merged

[DOCS] [7.8] Update audit-settings.asciidoc (#61610) #61648

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 11 additions & 11 deletions docs/reference/settings/audit-settings.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,22 +28,22 @@ by using the following settings:

[[xpack-sa-lf-events-include]]
// tag::xpack-sa-lf-events-include-tag[]
`xpack.security.audit.logfile.events.include` {ess-icon}::
`xpack.security.audit.logfile.events.include`::
Specifies which events to include in the auditing output. The default value is:
`access_denied, access_granted, anonymous_access_denied, authentication_failed,
connection_denied, tampered_request, run_as_denied, run_as_granted`.
// end::xpack-sa-lf-events-include-tag[]

[[xpack-sa-lf-events-exclude]]
// tag::xpack-sa-lf-events-exclude-tag[]
`xpack.security.audit.logfile.events.exclude` {ess-icon}::
`xpack.security.audit.logfile.events.exclude`::
Excludes the specified events from the output. By default, no events are
excluded.
// end::xpack-sa-lf-events-exclude-tag[]

[[xpack-sa-lf-events-emit-request]]
// tag::xpack-sa-lf-events-emit-request-tag[]
`xpack.security.audit.logfile.events.emit_request_body` {ess-icon}::
`xpack.security.audit.logfile.events.emit_request_body`::
Specifies whether to include the request body from REST requests on certain
event types such as `authentication_failed`. The default value is `false`.
+
Expand All @@ -59,28 +59,28 @@ audited in plain text when including the request body in audit events.

[[xpack-sa-lf-emit-node-name]]
// tag::xpack-sa-lf-emit-node-name-tag[]
`xpack.security.audit.logfile.emit_node_name` {ess-icon}::
`xpack.security.audit.logfile.emit_node_name`::
Specifies whether to include the <<node.name,node name>> as a field in
each audit event. The default value is `false`.
// end::xpack-sa-lf-emit-node-name-tag[]

[[xpack-sa-lf-emit-node-host-address]]
// tag::xpack-sa-lf-emit-node-host-address-tag[]
`xpack.security.audit.logfile.emit_node_host_address` {ess-icon}::
`xpack.security.audit.logfile.emit_node_host_address`::
Specifies whether to include the node's IP address as a field in each audit event.
The default value is `false`.
// end::xpack-sa-lf-emit-node-host-address-tag[]

[[xpack-sa-lf-emit-node-host-name]]
// tag::xpack-sa-lf-emit-node-host-name-tag[]
`xpack.security.audit.logfile.emit_node_host_name` {ess-icon}::
`xpack.security.audit.logfile.emit_node_host_name`::
Specifies whether to include the node's host name as a field in each audit event.
The default value is `false`.
// end::xpack-sa-lf-emit-node-host-name-tag[]

[[xpack-sa-lf-emit-node-id]]
// tag::xpack-sa-lf-emit-node-id-tag[]
`xpack.security.audit.logfile.emit_node_id` {ess-icon}::
`xpack.security.audit.logfile.emit_node_id`::
Specifies whether to include the node id as a field in each audit event.
This is available for the new format only. That is to say, this information
does not exist in the `<clustername>_access.log` file.
Expand All @@ -101,21 +101,21 @@ and not printed.

[[xpack-sa-lf-events-ignore-users]]
// tag::xpack-sa-lf-events-ignore-users-tag[]
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users` {ess-icon}::
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users`::
A list of user names or wildcards. The specified policy will
not print audit events for users matching these values.
// end::xpack-sa-lf-events-ignore-users-tag[]

[[xpack-sa-lf-events-ignore-realms]]
// tag::xpack-sa-lf-events-ignore-realms-tag[]
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms` {ess-icon}::
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms`::
A list of authentication realm names or wildcards. The specified policy will
not print audit events for users in these realms.
// end::xpack-sa-lf-events-ignore-realms-tag[]

[[xpack-sa-lf-events-ignore-roles]]
// tag::xpack-sa-lf-events-ignore-roles-tag[]
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles` {ess-icon}::
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles`::
A list of role names or wildcards. The specified policy will
not print audit events for users that have these roles. If the user has several
roles, some of which are *not* covered by the policy, the policy will
Expand All @@ -124,7 +124,7 @@ roles, some of which are *not* covered by the policy, the policy will

[[xpack-sa-lf-events-ignore-indices]]
// tag::xpack-sa-lf-events-ignore-indices-tag[]
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices` {ess-icon}::
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices`::
A list of index names or wildcards. The specified policy will
not print audit events when all the indices in the event match
these values. If the event concerns several indices, some of which are
Expand Down