Can the audit index be written to different cluster?


#1

hi,
since we have an ES cluster to hold all our logs i wonder if there is a way to send all the messages to that specific cluster instead of using the current one ?

thanks.


(Simone Scarduzio) #2

Hi @sdba2,

Excellent point. This is one of the few thing that X-Pack Security does and ROR does not yet do.
It’s technically very much possible to write a custom serialiser that uses the high level Elasticsearch client for Java to send events to the remote cluster and skip the local writer.

Will do this if we gather enough traction in the “new feature ideas” forum poll category. Could you please write an entry there?


#3

thanks,
just open one.