Some of our customers would like to have a way to browse and report access logs for their APIs. We currently use custom logger package names and trap them with log sinks to specific files that we then manually copy to the users that need them. Needless to say it's quite tedious and not practical.
We have recently started to play around with Kibana and Elasticsearch and thought "what if we could ship specific audit details directly to Elasticsearch?".
I thought we could add some sort of assertion(s) in our policies to POST data to an Elasticsearch cluster at execution time, without using any intermediary like Logstash or Filebeats.
Has anyone done this before?