Audit logs
You can enable auditing to keep track of security-related events such as authorization successes and failures. Logging these events enables you to monitor Kibana for suspicious activity and provides evidence in the event of an attack.
Use the Kibana audit logs in conjunction with Elasticsearch’s audit logging to get a holistic view of all security-related events. Kibana defers to Elasticsearch’s security model for authentication, data index authorization, and features that are driven by cluster-wide privileges. For more information on enabling audit logging in Elasticsearch, see Auditing security events.
Audit logs are disabled by default. To enable this functionality, you must set xpack.security.audit.enabled to true in kibana.yml.
Audit logging uses the standard Kibana logging output, which can be configured in kibana.yml and is discussed in Configure Kibana.
Audit event types
When you are auditing security events, each request can generate multiple audit events. The following is a list of the events that can be generated:
|
Logged when a user is authorized to access saved objects when using a role with Kibana privileges |
|
Logged when a user isn’t authorized to access saved objects when using a role with Kibana privileges |