Our setup consists of Elasticsearch 2.4.4 running on a 1.8.0_121 JVM and with ReadonlyREST version 1.16.15_es2.4.4.
The access protection works as expected; we can see the colored ReadonlyREST warnings and info messages in the Elasticsearch log file.
And every day, a new audit log index with a name such as ‘readonlyrest_audit-2018-01-20’ is created.
But these indices remain empty.
```yaml
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
- name: ":: common user::"
- name: "::KIBANA USER::"
  indices: [".kibana", ".kibana*", "dc*"]
- name: "Global Access"
```
Is the audit collector feature available for these older versions of elasticsearch?
What is the typical reason, if audit logs are not ingested into the corresponding indices?
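A check that a practitioner can run to confirm the symptom described in the post (daily `readonlyrest_audit-YYYY-MM-DD` indices that exist but hold no documents, plus any days on which no index was created at all). This is an added example, not code from the original post or from the ReadonlyREST project; it assumes the cat indices API returns JSON when called as `GET _cat/indices/readonlyrest_audit-*?format=json&h=index,docs.count,store.size`, and the response below is constructed, not captured from a real cluster.

```python
import json
from datetime import date, datetime, timedelta

# Index name prefix taken from the post: readonlyrest_audit-2018-01-20
AUDIT_PREFIX = "readonlyrest_audit-"

# Constructed sample of a _cat/indices?format=json response (assumption: not
# captured from a real cluster). docs.count is a string in cat output.
SAMPLE_CAT_INDICES = json.dumps([
    {"index": "readonlyrest_audit-2018-01-18", "docs.count": "0",   "store.size": "130b"},
    {"index": "readonlyrest_audit-2018-01-19", "docs.count": "412", "store.size": "210.4kb"},
    {"index": "readonlyrest_audit-2018-01-20", "docs.count": "0",   "store.size": "130b"},
])


def parse_cat_indices(raw):
    """Parse cat-indices JSON into a {index_name: doc_count} dict.

    Closed or missing indices report docs.count as null; treat that as 0 so
    they surface as 'empty' rather than crashing the check.
    """
    counts = {}
    for row in json.loads(raw):
        name = row["index"]
        if not name.startswith(AUDIT_PREFIX):
            continue  # ignore anything that is not an audit index
        count = row.get("docs.count")
        counts[name] = int(count) if count not in (None, "") else 0
    return counts


def audit_index_date(name):
    """Return the date encoded in an audit index name, or None if unparsable."""
    try:
        return datetime.strptime(name[len(AUDIT_PREFIX):], "%Y-%m-%d").date()
    except ValueError:
        return None


def find_empty_audit_indices(counts):
    """Audit indices that were created but never received a document."""
    return sorted(name for name, n in counts.items() if n == 0)


def find_missing_days(counts, today):
    """Days between the earliest audit index and 'today' with no index at all.

    A gap here means the plugin did not even create the daily index, which is
    a different failure from an index that exists but stays empty.
    """
    present = {audit_index_date(n) for n in counts}
    present.discard(None)
    if not present:
        return []
    day = min(present)
    missing = []
    while day <= today:
        if day not in present:
            missing.append(day.isoformat())
        day += timedelta(days=1)
    return missing


def audit_health_report(raw, today):
    """Combine both checks into one summary dict."""
    counts = parse_cat_indices(raw)
    return {
        "indices": len(counts),
        "empty": find_empty_audit_indices(counts),
        "missing_days": find_missing_days(counts, today),
    }


if __name__ == "__main__":
    # Run against the constructed sample; point parse_cat_indices at the real
    # cat API output to check a live cluster.
    print(json.dumps(audit_health_report(SAMPLE_CAT_INDICES, date(2018, 1, 22)), indent=2))
```

An index that exists but stays at zero documents, as in the post, points at the collector side (events not being written) rather than at index creation; a missing day points at the plugin not running at all on that day. Either condition is worth alerting on, since an audit trail that silently stops is a detection gap.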