doc-exports/docs/css/umn/css_02_0150.html

<a name="css_02_0150"></a><a name="css_02_0150"></a>

<h1 class="topictitle1">How Do I Enable Audit Logs for an Elasticsearch or OpenSearch Cluster of CSS?</h1>
<div id="body0000001796008676"><p id="css_02_0150__p8060118">Audit logs are disabled for Elasticsearch clusters by default.</p>
<p id="css_02_0150__p16762141220530">Audit logs can be enabled for security-mode Elasticsearch 7.6.2 clusters as well as security-mode OpenSearch clusters.</p>
<ol id="css_02_0150__ol188666331330"><li id="css_02_0150__li1867173314335">Log in to the CSS management console.</li><li id="css_02_0150__li619332410521">In the navigation pane, choose <strong id="css_02_0150__b6628455161112">Clusters</strong>. The cluster list is displayed.</li><li id="css_02_0150__li5588182716353">Click the name of the target cluster to go to the cluster details page.</li><li id="css_02_0150__li229325643518">In the navigation pane on the left, choose <strong id="css_02_0150__b123226461505">Parameter Configurations</strong>. Click <strong id="css_02_0150__b7296841113">Edit</strong>, expand the <strong id="css_02_0150__b167171279111">Customize</strong> parameter, and click <strong id="css_02_0150__b59947101911">Add</strong>.<ul id="css_02_0150__ul321173325120"><li id="css_02_0150__li321113331511">For an Elasticsearch cluster, set <strong id="css_02_0150__b261778373352">Key</strong> to <strong id="css_02_0150__b110208480973352">opendistro_security.audit.type</strong> and <strong id="css_02_0150__b146626978773352">Value</strong> to <strong id="css_02_0150__b180907300173352">internal_elasticsearch</strong>.</li><li id="css_02_0150__li1714020817527">For an OpenSearch cluster, set <strong id="css_02_0150__b1554098111320">Key</strong> to <strong id="css_02_0150__b1646761516136">plugins.security.audit.type</strong> and <strong id="css_02_0150__b7435193016138">Value</strong> to <strong id="css_02_0150__b13691741191316">internal_opensearch</strong>.</li></ul>
<div class="fignone" id="css_02_0150__fig51094499515"><span class="figcap"><b>Figure 1 </b>Configuring a custom parameter</span><br><span><img id="css_02_0150__image71491432132510" src="en-us_image_0000001960397717.png"></span></div>
</li><li id="css_02_0150__li12682102113577">After the change is complete, click <strong id="css_02_0150__b181733571139">Submit</strong>.In the displayed <strong id="css_02_0150__b917305711313">Submit Configuration</strong> dialog box, select the box indicating "I understand that the modification will take effect after the cluster is restarted." and click <strong id="css_02_0150__b81736571136">Yes</strong>.<p id="css_02_0150__p0505822115818">If the <strong id="css_02_0150__b1441624515419">Status</strong> is <strong id="css_02_0150__b2416174519548">Succeeded</strong> in the parameter change list, the change has been saved.</p>
</li><li id="css_02_0150__li195461759181418">Return to the cluster list and choose <strong id="css_02_0150__b1585016561543">More</strong> &gt; <strong id="css_02_0150__b1285025620545">Restart</strong> in the <strong id="css_02_0150__b48511256135416">Operation</strong> column to restart the cluster and make the change take effect.</li><li id="css_02_0150__li7648151118542">After the cluster is restarted, click <strong id="css_02_0150__b4559214172115">Access Kibana</strong> in the <strong id="css_02_0150__b104511516132111">Operation</strong> column. On the displayed page, enter the username and password. The <strong id="css_02_0150__b12334092118">Dev Tools</strong> page is displayed.</li><li id="css_02_0150__li686375916578">In the <strong id="css_02_0150__b1654823132215">Console</strong> page, run the <b><span class="cmdname" id="css_02_0150__cmdname15802814957">GET _cat/indices?v</span></b> command. If there are indexes related to <strong id="css_02_0150__b151553313224">.*audit*</strong>, the audit log function is enabled.</li></ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_02_0137.html">Managing CSS Clusters</a></div>
</div>
</div>