How to enable ElasticSearch http access log


Problem description

I opened a couple of client nodes with http 9200 to serve ElasticSearch queries/indices. I wanna log the access log from clients via http 9200, just like Http-Apache has the access.log. How should I enable this in ES, please?

Recommended answer

There's no such thing in Elasticsearch itself.

However, if you install the Shield plugin, you can enable auditing by adding this to your elasticsearch.yml configuration file.

shield.audit.enabled: true

You'll then get a new file called elasticsearch-access.log in your ES logs folder.

Update by @lucabelluccini: Shield audit logs to syslog

In case you are interested in forwarding such audit logs to syslog, you can, thanks to the log4j SyslogAppender class, which allows forwarding logs to syslog via local socket.

Edit your logging.yml (customize the format etc...)

appender:
  syslog:
    type: org.apache.log4j.net.SyslogAppender
    syslogHost: localhost
    facility: local0
    layout:
      type: org.apache.log4j.PatternLayout
      conversionPattern: "%d{ISO8601} %t %p %c %M %m %n"

Ensure rsyslog configuration allows UDP sources.

Associate this appender to the shield audit topic.
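
The last step above, written out as an added example (not part of the original answer): a logging.yml that attaches the syslog appender to the Shield audit logger. The logger name shield.audit.logfile and the existing access_log file appender are assumptions based on the logging.yml that Shield installs; confirm both names in your own file before editing.

```yaml
# logging.yml (added example, not from the original answer)
# Assumption: the audit logger is called shield.audit.logfile and already
# writes to a file appender called access_log. Check your installed file.
logger:
  # Keep the existing file appender and add the syslog appender, so audit
  # events still land in the local access log if syslog delivery fails.
  shield.audit.logfile: INFO, access_log, syslog

additivity:
  # Keep audit events out of the main Elasticsearch log.
  shield.audit.logfile: false

appender:
  # The access_log appender definition already in the file stays unchanged.
  # The syslog appender below is the one given in the answer.
  syslog:
    type: org.apache.log4j.net.SyslogAppender
    syslogHost: localhost
    facility: local0
    layout:
      type: org.apache.log4j.PatternLayout
      conversionPattern: "%d{ISO8601} %t %p %c %M %m %n"
```

Audit events then arrive at rsyslog tagged with facility local0, which is the selector to match when routing them to a dedicated file or a remote collector.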
