Index the audit entries to different cluster

New Features Ideas
1

:bulb: index the audit entries to different cluster

since we index our logs to specific cluster it would be nice if we could index the entries from ROR to different ES cluster instead of indexing it the current

:eyes: Example

parameters could look like :

es_remote_name:
es_remote_port:
es_index_template:
es_user:
es_pwd:

:rocket: Letโ€™s do this?

  • 1
  • 2
  • 3
  • 4
  • 5

0 voters

2

In general we need to do this โ€“ log the audit to our monitoring cluster. But typically we donโ€™t allow direct wrting to that cluster; all input goes thru kafka. So maybe a generic plugin to process the audit log entries?

In the meantime we intend to use a logstash es-input -> kafka-output to replicate the audit log from the data clusters to the monitoring cluster.

3

Yes I suggest logstash es input!

4

Yes, agreed. Why hang more ancillary stuff on ror when logstash has the solution ready made.