DOC Audit security config change #66839

Merged
More polishing of audit-settings
albertzaharovits committed Dec 29, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 7a908ecc647974931f8fd6a87c04c6a711153dfd
17 changes: 12 additions & 5 deletions docs/reference/settings/audit-settings.asciidoc
@@ -44,7 +44,8 @@ by using the following settings:
// tag::xpack-sa-lf-events-include-tag[]
`xpack.security.audit.logfile.events.include`::
(<<dynamic-cluster-setting,Dynamic>>)
Specifies which events to include in the auditing output. The default value is:
Specifies the kind of events to print in the auditing output. The default list value
contains:
`access_denied, access_granted, anonymous_access_denied, authentication_failed,
connection_denied, tampered_request, run_as_denied, run_as_granted,
security_config_change`.
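Review bot: In the new description of `xpack.security.audit.logfile.events.include`, "The default list value contains:" reads awkwardly, and "the kind of events" should be plural since the setting takes a list. Something like "Specifies the kinds of events to print in the auditing output. The default value is the list:" would parse cleanly before the literal list that follows. The added first line is also longer than the wrapped lines around it and could be re-wrapped.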
@@ -54,16 +55,22 @@ security_config_change`.
// tag::xpack-sa-lf-events-exclude-tag[]
`xpack.security.audit.logfile.events.exclude`::
(<<dynamic-cluster-setting,Dynamic>>)
Excludes the specified events from the output. By default, no events are
excluded.
Excludes the specified kind of events from the include list. The default is the empty list.
// end::xpack-sa-lf-events-exclude-tag[]

[[xpack-sa-lf-events-emit-request]]
// tag::xpack-sa-lf-events-emit-request-tag[]
`xpack.security.audit.logfile.events.emit_request_body`::
(<<dynamic-cluster-setting,Dynamic>>)
Specifies whether to include the request body from REST requests on certain
event types such as `authentication_failed`. The default value is `false`.
Specifies whether to include the full request body from REST requests as an
attribute of certain kinds of audit events. The request body is printed as an
escaped JSON string value to the `request.body` attribute.
These events that contain the `request.body` attribute are `authentication_success`,
`authentication_failed`, `realm_authentication_failed`, `tampered_request`, `run_as_denied`,
and `anonymous_access_denied` that are printed on the coordinating node only
(the node that handles the REST request).

The default value is `false` so request bodies are not printed.
+
--
IMPORTANT: No filtering is performed when auditing, so sensitive data may be
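Review bot: The sentence in the `emit_request_body` description that lists the events carrying `request.body` is hard to parse ("These events that contain ... that are printed on the coordinating node only"), and it names `authentication_success` and `realm_authentication_failed`, neither of which appears in the default `events.include` list shown in the first hunk. Suggest splitting it into two sentences, one listing the event types and one stating that they are emitted only on the coordinating node, and adding that the setting only has an effect for event types that are actually included. In the `events.exclude` text, "the specified kind of events" should also be "kinds".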