[Feature] Add support for audit log writing to data streams #3745

Open
tmanninger opened this issue Nov 20, 2023 · 5 comments
Labels: enhancement, triaged

Comments

@tmanninger
Contributor

I am using OpenSearch 2.11.

My audit log config:

plugins.security.audit.config.index: opensearch-security-auditlog
plugins.security.audit.type: internal_opensearch

"opensearch-security-auditlog" is a data stream.

When OpenSearch stores audit logs to the data stream, I get the following error:

java.lang.IllegalArgumentException: only write ops with an op_type of create are allowed in data streams

How can I change the op_type of the audit logs?

@tmanninger added the bug and untriaged labels Nov 20, 2023
@stephen-crawford
Collaborator

[Triage] Hi @tmanninger, thank you for filing this issue. Right now we do not support the data stream API to allow this use case. Let me mark this as a feature request since it will involve adding this support to the audit logging.

That being said, it sounds like we can close this issue when:

  • Add data stream audit log support
  • Add associated tests
  • Add documentation

are complete.

@stephen-crawford changed the title from "[BUG] Cannot store auditlog to datastream" to "[Feature] Add support for audit log writing to data streams" Nov 20, 2023
@stephen-crawford added the enhancement and triaged labels and removed the bug and untriaged labels Nov 20, 2023
@tmanninger
Contributor Author

Any feedback? Is there any roadmap available for this feature request?

@stephen-crawford
Collaborator

Hi @tmanninger, I am not aware of any active efforts to provide this support. If you are eager to see this feature implemented, the fastest route would likely be for you to open a pull request adding the feature. Feel free to open a PR with the change and I will try to review it as quickly as I can.

@tmanninger
Contributor Author

tmanninger commented Apr 12, 2024

How should I integrate this feature?
Add an option
plugins.security.audit.config.is_datastream: true
or
plugins.security.audit.config.op_type: create
?

@tmanninger
Contributor Author

@scrawfor99 I created a PR:
#4257

I changed the OP_TYPE to create, because audit logs should never be updated.
It's tested and works in my test environment.
Does this look OK?
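
The error quoted at the top of this thread is raised for any write to a data stream whose op_type is not create. As an added illustration (not part of the thread, and not code from the security plugin or from PR #4257), this Python sketch lints a `_bulk` NDJSON body before it is sent to a data stream. The function names and sample events are constructed for the example, and `@timestamp` is assumed to be the stream's timestamp field (the default).

```python
import json

ACTIONS_WITH_BODY = {"index", "create", "update"}   # followed by a second line
ALL_ACTIONS = ACTIONS_WITH_BODY | {"delete"}

# Constructed sample audit events; the second deliberately lacks @timestamp.
EVENTS = [
    {"@timestamp": "2023-11-20T10:00:00.000+00:00", "audit_category": "FAILED_LOGIN"},
    {"audit_category": "AUTHENTICATED"},
]


def build_bulk_body(target, events, op_type="create"):
    """Serialize events as _bulk NDJSON with one action line per event (hypothetical helper)."""
    out = []
    for event in events:
        out.append(json.dumps({op_type: {"_index": target}}))
        out.append(json.dumps(event))
    return "\n".join(out) + "\n"


def lint_for_data_stream(ndjson, timestamp_field="@timestamp"):
    """Return (line_number, problem) pairs for items a data stream would reject.

    Line numbers count non-blank lines of the bulk body, starting at 1.
    """
    problems = []
    lines = [ln for ln in ndjson.split("\n") if ln.strip()]
    i = 0
    while i < len(lines):
        header = json.loads(lines[i])
        action = next(iter(header), None)
        if len(header) != 1 or action not in ALL_ACTIONS:
            problems.append((i + 1, "not a bulk action line"))
            break  # cannot resynchronize action/document pairing after this
        if action != "create":
            problems.append((i + 1, f"op_type '{action}' not allowed, only 'create'"))
        if action in ACTIONS_WITH_BODY:
            i += 1
            if i >= len(lines):
                problems.append((i, "action line has no document after it"))
                break
            if action == "create" and timestamp_field not in json.loads(lines[i]):
                problems.append((i + 1, f"document lacks '{timestamp_field}'"))
        i += 1
    return problems
```
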
