Table 14. REST authentication_success Attributes lists wrong attributes #30095

elasticmachine · 2017-09-19T08:48:39Z

Original comment by @jakommo:

On https://www.elastic.co/guide/en/x-pack/5.6/auditing.html#audit-event-attributes under "Table 14. REST authentication_success Attributes" we list:

But the logs lines look like:

[2017-09-19T10:13:47,339] [rest] [authentication_success]	principal=[kibana], realm=[reserved], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], params=[{filter_path=nodes.*.version,nodes.*.http.publish_address,nodes.*.ip}]
[2017-09-19T10:13:47,342] [rest] [authentication_success]	principal=[kibana], realm=[reserved], uri=[/_cluster/health/.monitoring-*-2-*%2C.monitoring-*-6-*?timeout=5s], params=[{index=.monitoring-*-2-*,.monitoring-*-6-*, timeout=5s}]
[2017-09-19T10:13:47,522] [rest] [authentication_success]	principal=[kibana], realm=[reserved], uri=[/.reporting-*/esqueue/_search?version=true], params=[{index=.reporting-*, type=esqueue, version=true}]

It seems to use principal rather than user.

The text was updated successfully, but these errors were encountered:

albertzaharovits · 2018-12-04T13:50:11Z

belatedly resolved by #35510

elasticmachine added :Security/Audit X-Pack Audit logging >docs General docs changes labels Apr 25, 2018

elasticmachine assigned albertzaharovits Apr 25, 2018

albertzaharovits closed this as completed Dec 4, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Table 14. REST authentication_success Attributes lists wrong attributes #30095

Table 14. REST authentication_success Attributes lists wrong attributes #30095

elasticmachine commented Sep 19, 2017

albertzaharovits commented Dec 4, 2018

Table 14. REST authentication_success Attributes lists wrong attributes #30095

Table 14. REST authentication_success Attributes lists wrong attributes #30095

Comments

elasticmachine commented Sep 19, 2017

albertzaharovits commented Dec 4, 2018