Commit 1427203

Docs be explicit on how to turn off deprecated auditing (#37316)
Just be explicit about turning off the deprecated audit log appender because we really want people to turn it off.
1 parent c06b0b5 commit 1427203

1 file changed

+30
-5
lines changed

x-pack/docs/en/security/auditing/output-logfile.asciidoc

Lines changed: 30 additions & 5 deletions
@@ -7,11 +7,36 @@ the `<clustername>_audit.log` file in the logs directory. To maintain
77
compatibility with releases prior to 6.5.0, a `<clustername>_access.log` file
88
is also generated. They differ in the output format but the contents
99
are similar. For systems that are not ingesting the audit file for search or
10-
analytics it is strongly recommended to only keep the newer format.
11-
Turning off the deprecated output format can be achieved by disabling the logger
12-
in the `log4j2.properties` file (hint: there is a config comment
13-
about it).
14-
For more information, see {ref}/logging.html#configuring-logging-levels[configuring-logging].
10+
analytics it is strongly recommended to keep only the newer format.
11+
12+
To turn off the deprecated output format, you can disable the logger in the
13+
`log4j2.properties` file:
14+
15+
[source, properties]
16+
--------------------------------------------------
17+
# change info to off
18+
# logger.xpack_security_audit_deprecated_logfile.level = info
19+
logger.xpack_security_audit_deprecated_logfile.level = off
20+
--------------------------------------------------
21+
22+
Alternatively, use the
23+
{ref}/cluster-update-settings.html[cluster update settings API] to dynamically
24+
configure the logger:
25+
26+
[source,js]
27+
--------------------------------------------------
28+
PUT /_cluster/settings
29+
{
30+
"persistent": {
31+
"logger.org.elasticsearch.xpack.security.audit.logfile.DeprecatedLoggingAuditTrail": "off"
32+
}
33+
}
34+
--------------------------------------------------
35+
// CONSOLE
36+
37+
NOTE: If you overwrite the `log4j2.properties` and do not specify appenders for
38+
any of the audit trails, audit events are forwarded to the root appender, which
39+
by default points to the `elasticsearch.log` file.
1540

1641

1742
[float]
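
Review bot: The two examples name the logger differently without saying they are the same one: the properties snippet (new line 19) uses `logger.xpack_security_audit_deprecated_logfile.level`, while the cluster settings request (new line 31) uses `logger.org.elasticsearch.xpack.security.audit.logfile.DeprecatedLoggingAuditTrail`. A sentence tying the `log4j2.properties` logger key to that class name would keep readers from assuming they have to apply both. The rewrite also drops the `{ref}/logging.html#configuring-logging-levels[configuring-logging]` link that the removed line 14 carried; consider keeping it after the properties example. Since the request uses `"persistent"`, it is worth stating that the setting survives a full cluster restart, so the deprecated output stays off. Minor style point: `[source, properties]` (new line 15) has a space after the comma while `[source,js]` (new line 26) does not.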
