ygirouard_stm

Has anyone used Elasticsearch to store selective audit logs?

Discussion created by ygirouard_stm on Aug 24, 2018
Latest reply on Aug 25, 2018 by Dustin Dauncey

Some of our customers would like to have a way to browse and report access logs for their APIs. We currently use custom logger package names and trap them with log sinks to specific files that we then manually copy to the users that need them. Needless to say it's quite tedious and not practical.

 

We have recently started to play around with Kibana and Elasticsearch and thought "what if we could ship specific audit details directly to Elasticsearch?".

 

I thought we could add some sort of assertion(s) in our policies to POST data to an Elasticsearch cluster at execution time, without using any intermediary like Logstash or Filebeats.

 

Has anyone done this before?

Outcomes