If audit logging is enabled but no audit events appear in the logs, which configuration issue is most likely?

Medium | Command Output | Q5 of Q15
Elasticsearch - Security
A. The Elasticsearch cluster is in read-only mode
B. The audit outputs setting is missing or empty
C. The cluster has no data nodes
D. The JVM heap size is too small
Step-by-Step Solution
Solution:
  1. Step 1: Check audit logging prerequisites

    Audit logging requires outputs to be defined to store or display events.
  2. Step 2: Identify missing outputs

    If xpack.security.audit.outputs is missing or empty, no events are recorded anywhere.
  3. Final Answer:

    The audit outputs setting is missing or empty -> Option B
  4. Quick Check:

    Audit logging needs outputs to write events [OK]
Quick Trick: Audit outputs must be set to capture events [OK]
Common Mistakes:
  • Blaming cluster mode or JVM heap for missing audit logs
  • Ignoring the outputs configuration