From version 5.0 onward, Shield is part of X-Pack. For more information, see
Securing the Elastic Stack.
Enable Auditing
When you enable auditing, Shield stores a record of attempted and successful interactions with your Elasticsearch cluster. You can use this information to keep track of who is doing what to your cluster and identify potential security issues.
To enable auditing, add the following setting to elasticsearch.yml:
shield.audit.enabled: true
By default, events are logged to a dedicated elasticsearch-access.log file in ES_HOME/logs. You can also store the events in an Elasticsearch index for easier analysis and control which events are logged. For more information, see Configuring Auditing.