From d344ceea102a97301e4997ef307bfddfa42ee09e Mon Sep 17 00:00:00 2001 From: Przemyslaw Gomulka Date: Fri, 1 Feb 2019 10:13:18 +0100 Subject: [PATCH 1/5] Migration doc for audit json log file Since the name of the audit log file was changed it should be documented in a migration doc. relates #32850 --- docs/reference/migration/migrate_7_0/logging.asciidoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/migration/migrate_7_0/logging.asciidoc b/docs/reference/migration/migrate_7_0/logging.asciidoc index 0385397b31619..66c5cd6636a7c 100644 --- a/docs/reference/migration/migrate_7_0/logging.asciidoc +++ b/docs/reference/migration/migrate_7_0/logging.asciidoc @@ -31,3 +31,11 @@ Note: GC logs which are written to the file `gc.log` will not be changed. ==== Docker output in JSON format All Docker console logs are now in JSON format. You can distinguish logs streams with the `type` field. + + +[float] +==== Audit plaintext log file removed, JSON file renamed + +Elasticsearch will no longer produce a plaintext audit log file `${cluster_name}_access.log`. +The JSON log file should be used instead. The name of this file was changed from +`${cluster_name}_audit.log` to `${cluster_name}_audit.json`. From d7548aa8cee6465369ae7593295217e3cdb42006 Mon Sep 17 00:00:00 2001 From: Przemyslaw Gomulka Date: Fri, 1 Feb 2019 10:19:47 +0100 Subject: [PATCH 2/5] empty line --- docs/reference/migration/migrate_7_0/logging.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reference/migration/migrate_7_0/logging.asciidoc b/docs/reference/migration/migrate_7_0/logging.asciidoc index 66c5cd6636a7c..df8cf2ede922e 100644 --- a/docs/reference/migration/migrate_7_0/logging.asciidoc +++ b/docs/reference/migration/migrate_7_0/logging.asciidoc @@ -32,7 +32,6 @@ Note: GC logs which are written to the file `gc.log` will not be changed. All Docker console logs are now in JSON format. You can distinguish logs streams with the `type` field. - [float] ==== Audit plaintext log file removed, JSON file renamed From 96609ba7e22899c4149009fdfa8e0e9000028a39 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Fri, 1 Feb 2019 17:54:14 +0100 Subject: [PATCH 3/5] Update docs/reference/migration/migrate_7_0/logging.asciidoc Co-Authored-By: pgomulka --- docs/reference/migration/migrate_7_0/logging.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/migration/migrate_7_0/logging.asciidoc b/docs/reference/migration/migrate_7_0/logging.asciidoc index df8cf2ede922e..767098fbedf40 100644 --- a/docs/reference/migration/migrate_7_0/logging.asciidoc +++ b/docs/reference/migration/migrate_7_0/logging.asciidoc @@ -36,5 +36,5 @@ All Docker console logs are now in JSON format. You can distinguish logs streams ==== Audit plaintext log file removed, JSON file renamed Elasticsearch will no longer produce a plaintext audit log file `${cluster_name}_access.log`. -The JSON log file should be used instead. The name of this file was changed from +Use the JSON log file (`${cluster_name}_audit.json`) instead. `${cluster_name}_audit.log` to `${cluster_name}_audit.json`. From 1fc931e33cf246f4dd64d1a9e42072ef734db547 Mon Sep 17 00:00:00 2001 From: Przemyslaw Gomulka Date: Mon, 4 Feb 2019 08:39:27 +0100 Subject: [PATCH 4/5] review comment addressed --- docs/reference/migration/migrate_7_0/logging.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/migration/migrate_7_0/logging.asciidoc b/docs/reference/migration/migrate_7_0/logging.asciidoc index 767098fbedf40..328fef75ad823 100644 --- a/docs/reference/migration/migrate_7_0/logging.asciidoc +++ b/docs/reference/migration/migrate_7_0/logging.asciidoc @@ -35,6 +35,6 @@ All Docker console logs are now in JSON format. You can distinguish logs streams [float] ==== Audit plaintext log file removed, JSON file renamed -Elasticsearch will no longer produce a plaintext audit log file `${cluster_name}_access.log`. +Elasticsearch no longer produces a plaintext audit log file `${cluster_name}_access.log`. Use the JSON log file (`${cluster_name}_audit.json`) instead. `${cluster_name}_audit.log` to `${cluster_name}_audit.json`. From e4dbbf2ef1fecacf9689f1f10bb5b23f1bb6d04d Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 4 Feb 2019 08:57:25 -0800 Subject: [PATCH 5/5] [DOCS] Edits the breaking change --- docs/reference/migration/migrate_7_0/logging.asciidoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/reference/migration/migrate_7_0/logging.asciidoc b/docs/reference/migration/migrate_7_0/logging.asciidoc index 328fef75ad823..1329def9a1878 100644 --- a/docs/reference/migration/migrate_7_0/logging.asciidoc +++ b/docs/reference/migration/migrate_7_0/logging.asciidoc @@ -35,6 +35,8 @@ All Docker console logs are now in JSON format. You can distinguish logs streams [float] ==== Audit plaintext log file removed, JSON file renamed -Elasticsearch no longer produces a plaintext audit log file `${cluster_name}_access.log`. -Use the JSON log file (`${cluster_name}_audit.json`) instead. -`${cluster_name}_audit.log` to `${cluster_name}_audit.json`. +Elasticsearch no longer produces the `${cluster_name}_access.log` plaintext +audit log file. The `${cluster_name}_audit.log` files also no longer exist; they +are replaced by `${cluster_name}_audit.json` files. When auditing is enabled, +auditing events are stored in these dedicated JSON log files on each node. +