Logging and monitoring
Elasticsearch error logs disabled
Risk Level
Informational (4)
Platform(s)
Compliance Frameworks
- AWS Foundational Security Best Practices Controls
Description
Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch clusters in AWS Cloud. It was found that the Elasticsearch domain {AwsElasticSearch} doesn't have error logs enabled. Error logs can assist in troubleshooting, repairing, and security issues related to the Elasticsearch domain.-
Recommended Mitigation
It is recommended to enable error logging at the Elasticsearch domain {AwsElasticSearch}. To enable the audit logging follow the steps at: <a href="https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-console" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-console</a>