Remove audit log information from elasticsearch log

I checked documentation and forum but couldn’t easily find anything like this.
We currently have a configuration like this:

readonlyrest:
  enable: true
# IMPORTANT FOR LOGIN/LOGOUT TO WORK
  prompt_for_basic_auth: false
  response_if_req_forbidden: "Computer says no!"
  audit_collector: true
  audit_index_template: "'readonlyrest_audit'-yyyy.MM"

And this logs the audit log to the index.
But it also sends the audit log to the elasticsearch.log log file on disk, which is not necessary for me.
Is there a way to remove this from the logfile without having to configure custom log4j settings? (I'd like to keep things as much default as possible :slight_smile:)

Elasticsearch 6.8.0
RoR: 1.19.x

Yes this would be useful, in my opinion we should support this:

Either:

readonlyrest:
  audit_collector: true

Or:

readonlyrest:
  audit_collector: ["log", "index"] # also valid ["index"] in your case

@coutoPL WDYT?

yes, makes sense. We can do it.

Hi,
Any idea when this will be ready?
Thnx!

I’m afraid this will need to wait until next sprint at least. We are busy making ROR work with Kubernetes, there’s a memory leak in YAML parser to be taken care of, and the fields rule optimisations.

I think this can be worked around with a log4j line in the meantime?

We are forwarding the logs to a secondary Elasticsearch and dropping these lines in the Logstash there.
So we have a workaround, I was just curious if this was still on the roadmap.
No rush, no need to hurry (at least not for me)


OK good to know :slight_smile: It’s definitely a good idea for our roadmap, so we plan to implement it.

Hi,
Any update on this?

This task got buried because we had very little bandwidth until last month when we released the rewritten ROR Enterprise. I bumped this to next sprint. Will bubble up during next couple of months.
