It is time to say goodbye: This version of Elastic Cloud Enterprise has reached end-of-life (EOL) and is no longer supported.
The documentation for this version is no longer being maintained. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Enable auditing
editEnable auditing
editWith auditing enabled you can keep track of security-related events, such as successful and unsuccessful authorization attempts on the cluster. In Elastic Cloud Enterprise, in order to see audit events for both Elasticsearch and Kibana, you need to enable auditing for each component separately.
To enable auditing for Elasticsearch:
- Log into the Cloud UI.
-
On the Deployments page, select your deployment.
Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
- From your deployment menu, go to the Edit page.
- At the bottom of the first Elasticsearch node, expand the User settings overrides caret.
-
Add the setting
xpack.security.audit.enabled: true
. - Click Save.
For more information and other available auditing settings in Elasticsearch, see Auditing security settings.
To enable auditing for Kibana:
- Log into the Cloud UI.
-
On the Deployments page, select your deployment.
Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
- From your deployment menu, go to the Edit page.
- At the bottom of the Kibana instance, expand the User settings overrides caret.
-
Add the setting
xpack.security.audit.enabled: true
. -
If your Elastic Stack version is below 7.6.0, add the setting
logging.quiet: false
. - Click Save.
For more information about audit logging in Kibana, see Audit Logging.