Rename _audit.log to _audit.json #37916

Merged
merged 3 commits into from
Jan 29, 2019

pgomulka
Contributor

@pgomulka pgomulka commented Jan 28, 2019

As a follow-up from the discussion comment:
in order to keep JSON logs consistent, the security audit logs are renamed from .log to .json

relates #32850

@pgomulka pgomulka added :Core/Infra/Core Core issues without another label v7.0.0 >refactoring :Security/Audit X-Pack Audit logging labels Jan 28, 2019
@pgomulka pgomulka self-assigned this Jan 28, 2019
@elasticmachine
Collaborator

Pinging @elastic/es-core-infra

@elasticmachine
Collaborator

Pinging @elastic/es-security

@albertzaharovits
Contributor

@ycombinator what do you think, is this necessary for consistency from the ingest perspective?
It's not clear to me from #32850 (comment) that it is.

@albertzaharovits albertzaharovits removed the :Core/Infra/Core Core issues without another label label Jan 28, 2019
@ycombinator
Contributor

Strictly speaking, it's not necessary from an Ingest perspective as Filebeat can uniquely target audit.log as the new, JSON-formatted audit log file. However, from a consistency perspective, it would definitely be very nice if all Elasticsearch logs that emitted JSON entries had .json as their extension. So I'm +1 for this change.

@albertzaharovits
Contributor

Understood, thank you @ycombinator for the input!

@albertzaharovits
Contributor

Thank you for tackling this one too @pgomulka !

I am OK with the change. I vaguely remember some QA SQL tests parsing the audit log, so you might encounter some CI failures. In addition, I think a breaking change notice is in order. I am not quite sure where to file it, but maybe @lcawl can help? I am thinking docs/reference/migration/migrate_7_0/cluster.asciidoc.

Contributor

@albertzaharovits albertzaharovits left a comment

LGTM

@pgomulka
Contributor Author

@elasticmachine run elasticsearch-ci/2

@pgomulka
Contributor Author

@elasticmachine run elasticsearch-ci/1

@pgomulka
Contributor Author

@elasticmachine run elasticsearch-ci/docs-check

@pgomulka pgomulka merged commit 4f4113e into elastic:master Jan 29, 2019
5 participants