Remove audit log information from elasticsearch log

I checked documentation and forum but couldn’t easily find anything like this.
We currently have a configuration like this

readonlyrest:
  enable: true
# IMPORTANT FOR LOGIN/LOGOUT TO WORK
  prompt_for_basic_auth: false
  response_if_req_forbidden: "Computer says no!"
  audit_collector: true
  audit_index_template: "'readonlyrest_audit'-yyyy.MM"

And this logs the audit log to the index.
But also sends the audit log to the elasticsearch.log log file on disk, this is not necessary for me.
Is there a way to remove this from the logfile without having to configure custom log4j settings (like to keep things as much default as possible :slight_smile: )

Elasticsearch 6.8.0
RoR: 1.19.x

Yes this would be useful, in my opinion we should support this:

Either:

readonlyrest:
  audit_collector: true

Or:

readonlyrest:
  audit_collector: ["log", "index"] # also valid ["index"] in your case

@coutoPL WDYT?

yes, makes sense. We can do it.

Hi,
Any idea when this will be ready?
Thnx!

I’m afraidi this will need to wait until next sprint at least. We are busy making ROR work with Kubernetes, there’s a memory leak in YAML parser to be taken care of, and the fields rule optimisations.

I think this can be worked around with a log4j line in the meantime?

We are forwarding the logs to a secondary Elasticsearch and dropping these lines in the Logstash there.
So we have a workaround, I was just curious if this was still on the roadmap.
No rush, no need to hurry (at least not for me)

1 Like

OK good to know :slight_smile: It’s definitely a good idea for our roadmap, so we plan to implement it.