63413c047d
* Beginning to work on the role management APIs. Added docs for GET
* Adding PUT docs
* Adding PUT details
* Adding delete docs
* Fixing linking
* Adding Kibana privileges section
* Fixing dashboard only mode docs
* Fixing a few more references to managing roles
* Beginning to work on authorization docs, might be moving some to
stack-docs
* Collapsing authorization description in the kibana privileges page
* Adding audit logging section
* Revising the language on the Kibana role management section
* Splitting back out the auth/privileges and adding legacy fallback
details
* Revising language around impact of disabling security
* Changing Kibana to {kib} and Elasticsearch to {es}
* Beginning to work on developer centric docs
* Fixing some formatting, adding some diagrams
* Adding note about the role management APIs
* Adding overview, fixing small syntax issues
* Fixing chunk name for transitioning to application privileges
* Adjusting tone for the authorization introduction
* Changing the tone and structure of the RBAC docs
* Deleting blog stuff after refactoring
* Addressing first round of peer review comments
* Fixing endpoints links
* Peer review suggested edits
* Addressing other PR feedback
36 lines
1.7 KiB
Plaintext
36 lines
1.7 KiB
Plaintext
[role="xpack"]
|
|
[[xpack-security-audit-logging]]
|
|
=== Audit Logging
|
|
|
|
You can enable auditing to keep track of security-related events such as
|
|
authorization success and failures. Logging these events enables you
|
|
to monitor {kib} for suspicious activity and provides evidence in the
|
|
event of an attack.
|
|
|
|
Use the {kib} audit logs in conjunction with {es}'s
|
|
audit logging to get a holistic view of all security related events.
|
|
{kib} defers to {es}'s security model for authentication, data
|
|
index authorization, and features that are driven by cluster-wide privileges.
|
|
For more information on enabling audit logging in {es}, see
|
|
{ref}/auditing.html[Auditing Security Events].
|
|
|
|
[IMPORTANT]
|
|
============================================================================
|
|
Audit logs are **disabled** by default. To enable this functionality, you
|
|
must set `xpack.security.audit.enabled` to `true` in `kibana.yml`.
|
|
============================================================================
|
|
|
|
Audit logging uses the standard {kib} logging output, which can be configured
|
|
in the `kibana.yml` and is discussed in <<settings>>.
|
|
|
|
==== Audit event types
|
|
|
|
When you are auditing security events, each request can generate
|
|
multiple audit events. The following is a list of the events that can be generated:
|
|
|
|
|======
|
|
| `saved_objects_authorization_success` | Logged when a user is authorized to access a saved
|
|
objects when using a role with <<kibana-privileges>>
|
|
| `saved_objects_authorization_failure` | Logged when a user isn't authorized to access a saved
|
|
objects when using a role with <<kibana-privileges>>
|
|
|====== |