I checked the documentation and the forum but couldn’t easily find anything like this.
We currently have a configuration like this:
# IMPORTANT FOR LOGIN/LOGOUT TO WORK
response_if_req_forbidden: "Computer says no!"
And this logs the audit log to the index.
But it also sends the audit log to the elasticsearch.log log file on disk, which is not necessary for me.
Is there a way to remove this from the log file without having to configure custom log4j settings (I'd like to keep things as close to default as possible)?
We are forwarding the logs to a secondary Elasticsearch and dropping these lines in the Logstash there.
So we have a workaround; I was just curious whether this was still on the roadmap.
No rush, no need to hurry (at least not for me).