
You enabled audit logging with xpack.security.audit.enabled: true but see no audit logs. What is a likely cause?

Medium · Troubleshoot · Q14 of Q15
Elasticsearch - Security
A. User permissions prevent audit logging
B. Elasticsearch cluster is offline
C. Audit logging requires a restart of Kibana
D. Audit outputs are not configured, so logs have no destination
Step-by-Step Solution
Solution:
  1. Step 1: Check audit logging enablement

    Audit logging is enabled, so it should produce logs if outputs are set.
  2. Step 2: Verify output configuration

    If xpack.security.audit.outputs is missing or empty, logs have nowhere to go, so no logs appear.
  3. Final Answer:

    Audit outputs are not configured, so logs have no destination -> Option D
  4. Quick Check:

    Enabled but no outputs = no logs [OK]
Quick Trick: Check audit outputs setting if no logs appear [OK]
Common Mistakes:
  • Assuming cluster offline without checking
  • Restarting Kibana instead of Elasticsearch
  • Blaming user permissions without audit config check
