You're right! The doc says till ES 7.X.
Thanks for the feedback.
Best regards,
Andrea
On 30/09/22 09:05, Francesco Chicchiriccò wrote:
Hi Andrea,
I agree with you, option (2) looks definitely better, especially
because, if I am not mistaken, the library [1] does not yet support
Elasticsearch 8.x, which we are using on master branch.
Regards.
On 29/09/22 17:14, Andrea Patricelli wrote:
Hi all,
About SYNCOPE-1696 I found this log4j2 appender [1] that seems to be
a kind of "fork" extension (not mentioned in the official doc), but
still a quite active project.
Now I see two ways to proceed:
1. Use the library and all its features OOTB. As far as I understood
this extension "simply" performs HTTP calls to ES to write data and
allows logging to ES transparently, like
    log.info("Hello, World!");
2. Configure a custom audit appender as the Syslog or Rewrite one,
which directly uses the ES client to write on Elasticsearch.
Though solution 1 seems to be a good way to proceed, it is not so
widely used because the most common way to direct logs to ES is to
use Logstash and Filebeat. But on the other hand it requires only some
configuration, without writing too much code.
Solution 2 is a bit more "raw" and requires a bit more work, but we
would use the same ES client instantiated by the extension and have
more control on the overall solution and maintenance.
I would lean towards solution 2, following the implementation to index
users, any objs and groups by using a custom appender to place under
the elasticsearch extension, but would like to know your opinion.
Best regards,
Andrea
[1] https://github.com/rfoltyns/log4j2-elasticsearch
--
Andrea Patricelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope