Remove the legacy audit logger #116191
Remove the legacy audit logger #116191
Conversation
|
@elasticmachine merge upstream |
…ve-legacy-audit-logger
…ego/kibana into security/remove-legacy-audit-logger
legrego
changed the title
legrego
added
release_note:breaking
Team:Security
|
@jportner ready for a preliminary review while CI completes. As discussed, this isn't our ideal end-state, and we will have some bugs to resolve before the 8.0 release |
| config.audit.appender ?? | ||
| ({ | ||
| type: 'rolling-file', | ||
| fileName: path.join(getDataPath(), 'audit.log'), |
There was a problem hiding this comment.
This default appender writes to Kibana's data directory, as suggested in #82578 (comment).
The ideal solution is to write this data to a new logs directory. I propose tackling this in a followup (for 8.0) as this would require additional work to align with ES, and we don't have the luxury of time.
| ...data, | ||
| }); | ||
| }, | ||
| log: (eventType: string, message: string, data?: Record<string, any>) => {}, |
There was a problem hiding this comment.
The legacy audit logger is a no-op now. We should remove the function altogether in a followup. I opted not to do so here because that involves pinging a number of other teams for codeowner's review, and we don't have the luxury of time.
|
I reviewed and it looks good. Will approve when this is marked ready for review 👍 |
|
Pinging @elastic/kibana-security (Team:Security) |
💛 Build succeeded, but was flaky
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
Summary
Removes the ability to record legacy audit events.
Closes #82578
Followup tasks
^ Some of these will be addressed in #116282.
Release notes
The legacy audit logger has been removed. Administrators who wish to audit Kibana events should instead enable the ECS-compliant audit logger.