yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
03e77f3e5b0080047fdcb72efdfd3333dd3bcf92
doc-exports/docs/css/umn/css_02_0150.html
zhengxiu 93d856d5c5 css umn 25.6.0 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-11-25 11:34:43 +00:00

18 lines
5.0 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001933159202"></a><a name="EN-US_TOPIC_0000001933159202"></a>
<h1 class="topictitle1">How Do I Enable Audit Logs for a CSS Cluster?</h1>
<div id="body0000001796008676"><p id="EN-US_TOPIC_0000001933159202__p16762141220530">Audit logs can be enabled for security-mode Elasticsearch 7.6.2 clusters as well as security-mode OpenSearch clusters.</p>
<p id="EN-US_TOPIC_0000001933159202__p1023315374178">Audit logs are disabled for Elasticsearch clusters by default.</p>
<ol id="EN-US_TOPIC_0000001933159202__ol188666331330"><li id="EN-US_TOPIC_0000001933159202__li118641125917"><span id="EN-US_TOPIC_0000001933159202__ph4222205142920">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001933159202__li1125444523214">In the navigation pane on the left, expand <strong id="EN-US_TOPIC_0000001933159202__b11841399584223">Clusters</strong>. Select a cluster type based on the target cluster. The cluster list is displayed.</li><li id="EN-US_TOPIC_0000001933159202__li3221165815598">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001933159202__li144141039617">Choose <strong id="EN-US_TOPIC_0000001933159202__b8173261094223">Cluster Settings</strong> &gt; <strong id="EN-US_TOPIC_0000001933159202__b16595336474223">Parameter Settings</strong>.</li><li id="EN-US_TOPIC_0000001933159202__li229325643518">Click <strong id="EN-US_TOPIC_0000001933159202__b14991310914223">Edit</strong>, expand <strong id="EN-US_TOPIC_0000001933159202__b422461084223">Custom</strong>, and click <strong id="EN-US_TOPIC_0000001933159202__b12825568934223">Add</strong>.<ul id="EN-US_TOPIC_0000001933159202__ul321173325120"><li id="EN-US_TOPIC_0000001933159202__li321113331511">For an Elasticsearch cluster, set <strong id="EN-US_TOPIC_0000001933159202__b261778373352">Key</strong> to <strong id="EN-US_TOPIC_0000001933159202__b110208480973352">opendistro_security.audit.type</strong> and <strong id="EN-US_TOPIC_0000001933159202__b146626978773352">Value</strong> to <strong id="EN-US_TOPIC_0000001933159202__b180907300173352">internal_elasticsearch</strong>.</li><li id="EN-US_TOPIC_0000001933159202__li1714020817527">For an OpenSearch cluster, set <strong id="EN-US_TOPIC_0000001933159202__b1554098111320">Key</strong> to <strong id="EN-US_TOPIC_0000001933159202__b1646761516136">plugins.security.audit.type</strong> and <strong id="EN-US_TOPIC_0000001933159202__b7435193016138">Value</strong> to <strong id="EN-US_TOPIC_0000001933159202__b13691741191316">internal_opensearch</strong>.</li></ul>
</li><li id="EN-US_TOPIC_0000001933159202__li12682102113577">After the change is complete, click <strong id="EN-US_TOPIC_0000001933159202__b181733571139">Submit</strong>.In the displayed <strong id="EN-US_TOPIC_0000001933159202__b917305711313">Submit Configuration</strong> dialog box, select the box indicating "I understand that the modification will take effect after the cluster is restarted." and click <strong id="EN-US_TOPIC_0000001933159202__b81736571136">Yes</strong>.<p id="EN-US_TOPIC_0000001933159202__p0505822115818">If the <strong id="EN-US_TOPIC_0000001933159202__b1441624515419">Status</strong> is <strong id="EN-US_TOPIC_0000001933159202__b2416174519548">Succeeded</strong> in the parameter change list, the change has been saved.</p>
</li><li id="EN-US_TOPIC_0000001933159202__li118883475819">Click <strong id="EN-US_TOPIC_0000001933159202__b1126680237">Restart</strong> in the upper right corner to restart the cluster, thus making the change take effect.</li><li id="EN-US_TOPIC_0000001933159202__li179441117111916">After cluster restart, check whether audit logs have been enabled.<ol type="a" id="EN-US_TOPIC_0000001933159202__ol525692213192"><li id="EN-US_TOPIC_0000001933159202__li9666192916207">For an Elasticsearch cluster, click <span class="uicontrol" id="EN-US_TOPIC_0000001933159202__uicontrol1630020219205"><b>Kibana</b></span> in the <strong id="EN-US_TOPIC_0000001933159202__b311918415418">Operation</strong> column to log in to Kibana. For an OpenSearch cluster, click <span class="uicontrol" id="EN-US_TOPIC_0000001933159202__uicontrol101681218387"><b>Dashboards</b></span> in the <strong id="EN-US_TOPIC_0000001933159202__b091162554">Operation</strong> column to log in to OpenSearch Dashboards.</li><li id="EN-US_TOPIC_0000001933159202__li811824512111">Expand the menu in the upper-left corner, and choose <strong id="EN-US_TOPIC_0000001933159202__b11278218814223">Dev Tools</strong>.</li><li id="EN-US_TOPIC_0000001933159202__li7648151118542">Run the following command. If the result contains indexes whose name contain <span class="parmvalue" id="EN-US_TOPIC_0000001933159202__parmvalue1414112092312"><b>.*audit*</b></span>, audit logs have been enabled.<pre class="screen" id="EN-US_TOPIC_0000001933159202__screen1524614720241">GET _cat/indices?v</pre>
</li></ol>
</li></ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_02_0137.html">Managing CSS Clusters</a></div>
</div>
</div>
View Git Blame Copy Permalink