Elasticsearch domains should have error logging to CloudWatch Logs enabled

Docs > Datadog Security > OOTB Rules > Elasticsearch domains should have error logging to CloudWatch Logs enabled

Description

This control confirms whether Elasticsearch domains are configured to forward error logs to CloudWatch Logs.

It’s recommended to enable error logging for Elasticsearch domains and forward these logs to CloudWatch Logs for retention and analysis. Error logs from the domain can play a key role in security and access audits and can help in diagnosing availability issues.

Remediation

For details on how to activate log publishing, refer to the Enabling log publishing (console) section in the Amazon OpenSearch Service Developer Guide.