Remove index audit output type #37707
Pinging @elastic/es-security
jaymode
left a comment
nice stats. I left some comments
| These settings enabled and configured the audit index output type. This output | ||
| type has been removed because it was unreliable in certain scenarios and this | ||
| could have lead to dropping audit events while the operations on the system | ||
| were allowed to continue as usual. This is a terrible failure state for an |
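Review bot: "could have lead to dropping audit events" on the third line of this paragraph should read "could have led to dropping audit events".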
Can we leave out "This is a terrible failure state for an audit system which brought about its demise."?
| information, but it uses the older (pre-6.5.0) formatting style. | ||
| If the backwards compatible format is not required, it should be disabled. | ||
| To do that, change its logger level to `off` in the `log4j2.properties` file. | ||
| For backwards compatibility reasons, a `<clustername>_access.log` file is also |
These are master docs, so I think this doesn't apply anymore?
You're right 🙂 At first, this made me believe I still had a PR to do to remove the bwc audit format, that's how much I trust our docs!
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Outdated
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Co-Authored-By: albertzaharovits <albert.zaharovits@gmail.com>
…ecurity/Security.java Co-Authored-By: albertzaharovits <albert.zaharovits@gmail.com>
++ 😀 Thanks @jaymode! I've addressed your comments.
jaymode
left a comment
I left two minor comments. Otherwise LGTM
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Outdated
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Outdated
@elasticmachine run elasticsearch-ci/1
@elasticmachine run elasticsearch-ci/2
@elasticmachine run elasticsearch-ci/1
@elasticmachine run elasticsearch-ci/packaging-sample
tvernum
left a comment
LGTM.
We could probably do a followup to simplify/remove AuditTrail etc, but that's not needed here.
* elastic/master:
  Optimize warning header de-duplication (elastic#37725)
  Bubble exceptions up in ClusterApplierService (elastic#37729)
  SQL: Improve handling of invalid args for PERCENTILE/PERCENTILE_RANK (elastic#37803)
  Remove unused ThreadBarrier class (elastic#37666)
  Add built-in user and role for code plugin (elastic#37030)
  Consolidate testclusters tests into a single project (elastic#37362)
  Fix docs for MappingUpdatedAction
  SQL: Introduce SQL DATE data type (elastic#37693)
  disabling bwc test while backporting elastic#37639
  Mute ClusterDisruptionIT testAckedIndexing
  Set acking timeout to 0 on dynamic mapping update (elastic#31140)
  Remove index audit output type (elastic#37707)
  Mute FollowerFailOverIT testReadRequestsReturnsLatestMappingVersion
  [ML] Increase close job timeout and lower the max number (elastic#37770)
  Remove Custom Listeners from SnapshotsService (elastic#37629)
  Use m_m_nodes from Zen1 master for Zen2 bootstrap (elastic#37701)
  Fix index filtering in follow info api. (elastic#37752)
  Use project dependency instead of substitutions for distributions (elastic#37730)
  Update authenticate to allow unknown fields (elastic#37713)
  Deprecate HLRC EmptyResponse used by security (elastic#37540)
This PR removes:
* the CompositeAuditTrail which is designed to fan-out auditing events to multiple logger implementation types. This is not needed because since v7.0 there's only one audit logger implementation, the logfile.
* any traces of the index-based logger implementation, namely the permission of the internal _xpack user to read the audit log index.

Related: #37707
Supersedes #37301
This PR removes the Index Audit Output type, following its deprecation in 6.7 by #37671. It also adds the migration notice (settings notice).
Closes #29881