Gaps in documentation regarding implementing-elasticsearch-audit-event-handlers



      Request for the documentation to be updated to include additional details on how to configure the AWS Elasticsearch audit event handler for OpenAM.


      Currently the documentation shows the following:


      Procedure 6.5. To Prepare for Elasticsearch Audit Logging

      1. Review the JSON file containing OpenAM's audit schema. You can find the JSON file for the audit schema at the path {{/path/to/tomcat/webapps/openam/WEB-INF/template/elasticsearch/audit.json}}.

      2. Copy the audit.json file to the system where you will create the Elasticsearch index for OpenAM auditing.

      In this example, you create an Elasticsearch index by executing an Elasticsearch REST API call using the curl command. Copy the audit.json file to a location that is accessible to the curl command you will run in the next step.

      3. Create an Elasticsearch index for OpenAM auditing as follows:

        $ curl \
            --request POST \
            --header "Content-Type: application/json" \
            --data @audit.json \
            http://elasticsearch.example.com:9200/my_openam_audit_index

      In this example, note the following:

      • elasticsearch.example.com is the name of the host on which Elasticsearch runs.
      • 9200 is the port number that you use to access Elasticsearch's REST API.
      • my_openam_audit_index is the name of the Elasticsearch index that you want to create.
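      The procedure above targets a self-managed node over plain HTTP, while the customer question below concerns a hosted service, where the cluster endpoint is an HTTPS URL that requires credentials. The following script is an added example, not code from the OpenAM documentation or from the Elastic guide: it creates the audit index against such an endpoint, refuses non-HTTPS endpoints, validates the index name, and keeps the credentials out of the command line. The endpoint URL, index name, schema path and netrc file are placeholders; the customer's real values come from their service console.

```shell
#!/bin/sh
# Added example (not from the OpenAM docs or the Elastic guide). Creates the OpenAM
# audit index on a hosted Elasticsearch endpoint over HTTPS with basic auth.
# All four function arguments are assumed/placeholder values supplied by the caller:
# the cluster endpoint URL, the index name, the copied audit.json, and a netrc file
# holding "machine <host> login <user> password <password>".

# Accept only https:// endpoints so credentials and audit events never travel in clear text.
check_endpoint() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS endpoint: $1" >&2; return 1 ;;
    esac
}

# Reject names Elasticsearch would not accept: empty, leading _ - +, upper case,
# or any of the characters: space / * ? " < > | , # :
check_index_name() {
    case "$1" in
        ""|_*|-*|+*|*[[:upper:]]*|*[' /*?"<>|,#:']*) return 1 ;;
        *) return 0 ;;
    esac
}

# create_audit_index ENDPOINT INDEX AUDIT_JSON NETRC_FILE
# PUT /<index> is the Elasticsearch create-index call; --fail turns an HTTP error
# status into a non-zero exit so a calling script stops instead of carrying on.
create_audit_index() {
    endpoint="$1"; index="$2"; schema="$3"; netrc="$4"
    check_endpoint "$endpoint" || return 1
    check_index_name "$index" || { echo "invalid index name: $index" >&2; return 1; }
    [ -r "$schema" ] || { echo "cannot read audit schema: $schema" >&2; return 1; }
    [ -r "$netrc" ] || { echo "cannot read netrc file: $netrc" >&2; return 1; }
    # --netrc-file keeps the password out of the argument list (ps, shell history).
    curl --silent --show-error --fail \
         --netrc-file "$netrc" \
         --request PUT \
         --header "Content-Type: application/json" \
         --data @"$schema" \
         "${endpoint%/}/${index}"
}

# Example invocation with placeholder values (uncomment to run against a real cluster):
# create_audit_index "https://my-cluster.example.es.amazonaws.com" \
#     my_openam_audit_index ./audit.json "$HOME/.netrc-es"
```

      The audit.json file itself only needs to be readable on whatever machine runs the script; with a hosted service there is no Elasticsearch server to copy it onto.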

      What is being proposed is adding the following:

      Add the information from https://www.elastic.co/guide/en/cloud/current/getting-started.html, specifically the section "Connect to Your Cluster", which explains how to connect to your cluster endpoint.

      Providing this information will help customers obtain the details of their AWS Elasticsearch configuration so they can successfully set up the OpenAM audit event handler.

      What prompted this need for an update to the documentation is the following question from the customer:

      We are using the Elasticsearch service version 5.3 and we followed the steps below from the 13.5 Admin Guide. The doubt we have with the steps given is that in the second step we have to create the Elasticsearch index after copying the file audit.json, using the curl command. On which server do we have to copy the audit.json file, as we are using Elasticsearch as a service?
