Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Clarify scope of xpack.security.audit.index.settings #30422

Closed
kostasb opened this issue May 7, 2018 · 3 comments
Closed

[DOCS] Clarify scope of xpack.security.audit.index.settings #30422

kostasb opened this issue May 7, 2018 · 3 comments
Assignees
Labels
>docs General docs changes :Security/Audit X-Pack Audit logging

Comments

@kostasb
Copy link

kostasb commented May 7, 2018

Elasticsearch version v6.2

There have been reports from users who index audit logs to a remote cluster, that the index settings config option should be clarified that it only applies when used locally.

Users have been modifying this setting, expecting it to reflect to the remote cluster's index layout - which isn't the case. The remote index gets created with whatever is dictated by the templates or settings of the remote cluster.

 xpack.security.audit.index.settings

    Specifies settings for the indices that the events are stored in. For example, the following configuration sets the number of shards and replicas to 1 for the audit indices:

    xpack.security.audit.index.settings:
      index:
        number_of_shards: 1
        number_of_replicas: 1

https://www.elastic.co/guide/en/elasticsearch/reference/current/auditing-settings.html#index-audit-settings

Should a note be added that this setting applies locally only?

@kostasb kostasb added >docs General docs changes :Security/Audit X-Pack Audit logging labels May 7, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@albertzaharovits
Copy link
Contributor

@kostasb I have raised #30923 .
However, the settings don't only apply locally. They apply when indexing to remote too, but only if X-Pack security is not installed there.

@kostasb
Copy link
Author

kostasb commented May 29, 2018

Thank you for the docs PR and the clarification!

@kostasb kostasb changed the title [DOCS] Clarify local scope of xpack.security.audit.index.settings [DOCS] Clarify scope of xpack.security.audit.index.settings May 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
>docs General docs changes :Security/Audit X-Pack Audit logging
Projects
None yet
Development

No branches or pull requests

3 participants