Hi all
Previously, the content field logged the request body.
Now, after updating the ROR plugin, this field is missing.
Can you advise how to restore it?
We were very surprised by its disappearance during an incident investigation.
I guess you want to have two audit outputs: the remote cluster one and the local one.
The multi-output is supported only by the new audit configuration syntax.
You mix the old syntax with the new one.
It seems this is what you want:
```yaml
readonlyrest:
  prompt_for_basic_auth: false
  response_if_req_forbidden: Wrong password or try clearing your browser cache

  audit:
    enabled: true # both audit outputs are enabled
    outputs:
      - type: index # local cluster index
        index_template: "'.readonlyrest-audit'-yyyy-MM-dd"
        # this output uses the serializer that includes the "content" field
        serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer
      - type: index # remote clusters indices (the default serializer is used)
        cluster: ["http://1.1.1.1:9201", "http://2.2.2.2:9201", "http://3.3.3.3:9201"]
        index_template: "'readonlyrest-xcs-access'-yyyy-MM-dd"
```