logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = warn
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
logger.deprecation.additivity = false

appender.deprecation_rolling.type = RollingFile
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
appender.deprecation_rolling.layout.type = PatternLayout
appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.log.gz
appender.deprecation_rolling.policies.type = Policies
appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.deprecation_rolling.policies.size.size = 1GB
appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
appender.deprecation_rolling.strategy.max = 4

You don't have any examples of integrating this with the existing elasticsearch log4j2 file?
On April 19, 2018 10:45:12 AM CDT, SG <in...@search-guard.com> wrote:
Of course you can do this. But as you said, this is more log4j than SG related.
All loggers for searchguard start with com.floragunn or sg_action_trace (for auditlogs you can configure the logger name yourself).
So just route them into another file than the rest of the logs.
On 19.04.2018 at 17:14, ch s <chs...@gmail.com> wrote:
Anyone? If this isn't possible, that's fine, I'd just like to know.
On Tuesday, April 17, 2018 at 11:09:56 AM UTC-5, ch s wrote:
I guess this is more of a log4j2 question than anything else, but we have a requirement to let another team have access to our elasticsearch logs (and by this, I mean the log file generated by the elasticsearch process controlled by log4j2.properties, not the documents that are inside the elasticsearch cluster itself). The only problem is that the logs for the searchguard process are combined with the regular elasticsearch process logs. Is there a way to separate the two so that we can put the searchguard logs into a different file than the one elasticsearch is using for its own logs?
I did experiment with the auditlog, but that still doesn't capture the actual searchguard process logs. It works great for audit events though!
I'm guessing this would require some changes to log4j2.properties, but understanding that file is completely foreign to me.
Thanks!
* Search Guard and Elasticsearch version
SG 5.6.7, ES 5.6.7
* Installed and used enterprise modules, if any
Auditlog
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
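
Added example, not part of the original thread and not Search Guard's or Elasticsearch's own configuration: one way to do the routing described in the reply, following the deprecation logger quoted at the top of the thread. The identifier searchguard_rolling, the _searchguard file suffix and the info level are assumptions; the logger names com.floragunn and sg_action_trace are the ones given in the reply.

```properties
# Additions to the existing log4j2.properties (leave the stock entries in place).

# Dedicated rolling file for Search Guard output.
# Assumption: "searchguard_rolling" and the "_searchguard" suffix are names chosen here.
appender.searchguard_rolling.type = RollingFile
appender.searchguard_rolling.name = searchguard_rolling
appender.searchguard_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_searchguard.log
appender.searchguard_rolling.layout.type = PatternLayout
appender.searchguard_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.searchguard_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_searchguard-%i.log.gz
appender.searchguard_rolling.policies.type = Policies
appender.searchguard_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.searchguard_rolling.policies.size.size = 1GB
appender.searchguard_rolling.strategy.type = DefaultRolloverStrategy
appender.searchguard_rolling.strategy.max = 4

# Everything logged under com.floragunn goes to the dedicated file.
# additivity = false stops these events from also reaching the root logger,
# so they no longer appear in the main Elasticsearch log.
# Assumption: level info; adjust to the verbosity you need.
logger.searchguard.name = com.floragunn
logger.searchguard.level = info
logger.searchguard.appenderRef.searchguard_rolling.ref = searchguard_rolling
logger.searchguard.additivity = false

# The second Search Guard logger name mentioned in the reply.
logger.sg_action_trace.name = sg_action_trace
logger.sg_action_trace.level = info
logger.sg_action_trace.appenderRef.searchguard_rolling.ref = searchguard_rolling
logger.sg_action_trace.additivity = false
```

The new file is written to the same logs directory as the main log, so access for the other team has to be granted per file rather than on the whole directory if the Search Guard log is to stay private.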