Move audit logs to a dedicated logs directory #116562
ACK: will review today
Everything looks good, but I'm wondering if we should commit /logs directory (empty dir with .gitignore inside or something like this)? Otherwise if I just try to enable audit logs locally Kibana crashes with Error: ENOENT: no such file or directory, open '.../kibana/logs/audit.log' forcing me to manually create logs folder.
Co-authored-by: Aleh Zasypkin <[email protected]>
@elasticmachine merge upstream
We used to have an empty If that's the case, I think it would make sense to change the audit code to create it if it doesn't exist already as well. I actually thought it worked like that already since the tests didn't fail. But I guess the tests don't fully test that. So I will update this PR to improve that if @spalger agrees this is the way to go.
The default settings use a rolling log-file, which in turn uses this code to write the file to disk: kibana/src/core/server/logging/appenders/rolling_file/rolling_file_manager.ts Lines 43 to 46 in e8eb222
So we can either update this code to create any missing directories first, though that would impact all rolling file appenders - which might be a nice thing, but is a bigger discussion. Alternatively, we can update the audit setup code to create the dir, which seems like a smaller change.
If I recall correctly we ran into a few issues with the
Can you think of a reason this would be undesirable? I think we should do it across the board and include the appropriate release note.
I've created a PR to show how this could be done: #117666 If we decide to go down this path, I think we want to land it as a separate PR and then wait for that to land before continuing with this one. So let's move the related discussion to that PR.
I don't know if we purposefully got rid of the data directory. Looks like it might have been accidentally removed in 7bac741. I am not opposed to trying it again if it simplifies things.
While a little more complex, I think it's more stable if Kibana could bootstrap its required empty directories on boot. This makes it easier in case you on purpose or accidentally delete them while cleaning up. As far as I can tell the two directories in question here are
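The approach discussed in the comments above (create the logs directory when it is missing instead of crashing with ENOENT), sketched as an added example that is not part of this thread and not Kibana's code. The helper name `openAuditLog`, the 0o750/0o640 modes and the symlink and world-writable checks are assumptions chosen for an audit log location.

```javascript
// Added example (not Kibana code): create a missing audit log directory
// before the appender opens its file, instead of failing with ENOENT.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper; the name and the 0o750 / 0o640 modes are assumptions.
function openAuditLog(logFile) {
  const dir = path.dirname(logFile);
  // recursive: true is a no-op when the directory already exists,
  // so a deleted logs/ folder is simply recreated on the next boot.
  fs.mkdirSync(dir, { recursive: true, mode: 0o750 });

  // Refuse a symlinked log directory: lstat does not follow the link,
  // so audit events cannot be silently redirected elsewhere.
  const st = fs.lstatSync(dir);
  if (!st.isDirectory()) {
    throw new Error(`${dir} is not a real directory`);
  }
  // mkdir does not tighten an existing directory; reject world-writable ones.
  if (process.platform !== 'win32' && (st.mode & 0o002) !== 0) {
    throw new Error(`${dir} is world-writable`);
  }
  // Append mode keeps earlier audit events; 0o640 applies only on creation.
  return fs.openSync(logFile, 'a', 0o640);
}

// Constructed demo: a temp directory stands in for the Kibana root.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'audit-demo-'));
  const logFile = path.join(root, 'logs', 'audit.log');

  const fd = openAuditLog(logFile); // logs/ does not exist yet
  fs.writeSync(fd, '{"event":"constructed sample"}\n');
  fs.closeSync(fd);
  const firstRun = fs.readFileSync(logFile, 'utf8').split('\n').length - 1;

  // Replace logs/ with a symlink and confirm the helper refuses it.
  fs.rmSync(path.join(root, 'logs'), { recursive: true });
  fs.mkdirSync(path.join(root, 'elsewhere'));
  fs.symlinkSync(path.join(root, 'elsewhere'), path.join(root, 'logs'));
  let rejected = false;
  try { openAuditLog(logFile); } catch (e) { rejected = true; }
  fs.rmSync(root, { recursive: true, force: true });
  return { firstRun, rejected };
}
```
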
💚 CLA has been signed
ACK: will review today
LGTM, thanks!
@@ -129,6 +129,9 @@ export async function runFpm( | |||
// copy the data directory at /var/lib/kibana | |||
`${resolveWithTrailingSlash(fromBuild('data'))}=/var/lib/kibana/`, | |||
|
|||
// copy the logs directory at /var/log/kibana |
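Review bot: the new `// copy the logs directory at /var/log/kibana` comment at the end of this hunk introduces the location where audit logs will be written, but nothing visible here says which owner and mode that directory gets in the package. Please state that next to the mapping (or point to the install script that sets it), so it is clear the audit trail is not readable or writable by other local accounts. The mapping that follows the comment should also mirror the `fromBuild('data')` line above it, including the trailing slash handling.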
Can we add an '--exclude', usr/share/kibana/logs, a few lines up so we don't copy the .gitempty/folder over twice?
Done 👍
💚 Build Succeeded
Co-authored-by: Aleh Zasypkin <[email protected]>
💚 Backport successful
This backport PR will be merged automatically after passing CI.
Co-authored-by: Aleh Zasypkin <[email protected]> Co-authored-by: Thomas Watson <[email protected]> Co-authored-by: Aleh Zasypkin <[email protected]>
Depends on #116282

The only new commit in this PR is the last one (13e27d6).

This PR adds a new folder to the root of the Kibana directory: logs.

The reason behind this change is to align more closely with where Elasticsearch stores logs. This was previously discussed here: #82578 (comment)

The new logs directory will currently only be used to store audit logs.