How do I enable OpenSearch audit logging?

Steps

Open a terminal session.


Log in as the root or NSP admin user on the NSP deployer VM.


Open the following file using a plain-text editor such as vi:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml


Enable and configure OpenSearch audit logging

Enable audit logging as follows:

  logging:
    opensearchSecurityAuditLogs:
      enabled: true


By default, READ and GET API requests are excluded from the audit logs.

Include these requests as follows:

  logging:
    opensearchSecurityAuditLogs:
      includeReadOperations: true


The default retentionPeriodInDaysOverride for OpenSearch audit is zero (0).

Zero (0) means no explicit override, so the system uses the deployment profile default audit retention: typically five days for internal/lab profiles and 30 days for all other profiles.

You can override the retention period as follows:

  logging:
    opensearchSecurityAuditLogs:
      retentionPeriodInDaysOverride: days

where days is the retention period in days.

Example:

  logging:
    opensearchSecurityAuditLogs:
      enabled: true
      includeReadOperations: true
      retentionPeriodInDaysOverride: 30
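Before saving, it is worth confirming that the section reads as intended, because a missing key silently falls back to the default (audit logging off, READ/GET excluded, profile-default retention). The following checker is an added example, not part of NSP or its tooling: it loads the file with PyYAML (assumed installed on the host you run it from), applies the retention rule described above, and assumes the profile names "internal" and "lab" and the script name check_audit.py.

```python
import sys

# Retention rule stated in the procedure: an override of 0 means "no override", so the
# deployment profile default applies (5 days for internal/lab profiles, 30 days otherwise).
INTERNAL_LAB_PROFILES = {"internal", "lab"}  # assumed spelling of the profile names
DEFAULT_DAYS = {"internal_lab": 5, "other": 30}
# Constructed sample configs (as PyYAML would load them), not real deployment files.
WEAK_CONFIG = {"logging": {"opensearchSecurityAuditLogs": {"enabled": False}}}
HARDENED_CONFIG = {"logging": {"opensearchSecurityAuditLogs": {
    "enabled": True, "includeReadOperations": True, "retentionPeriodInDaysOverride": 30}}}

def effective_retention_days(override, profile):
    """Resolve retentionPeriodInDaysOverride to the retention that will actually apply."""
    override = int(override)
    if override < 0:
        raise ValueError("retentionPeriodInDaysOverride must be 0 or a positive number of days")
    if override > 0:
        return override
    is_lab = profile.strip().lower() in INTERNAL_LAB_PROFILES
    return DEFAULT_DAYS["internal_lab"] if is_lab else DEFAULT_DAYS["other"]

def audit_summary(config, profile):
    """Report the effective audit settings plus a list of weak or missing ones."""
    section = (config.get("logging") or {}).get("opensearchSecurityAuditLogs") or {}
    override = section.get("retentionPeriodInDaysOverride", 0)
    issues = []
    if section.get("enabled") is not True:
        issues.append("audit logging is disabled: set logging.opensearchSecurityAuditLogs.enabled: true")
    if section.get("includeReadOperations") is not True:
        issues.append("READ/GET requests are not audited: set includeReadOperations: true")
    return {
        "enabled": section.get("enabled") is True,
        "include_read_operations": section.get("includeReadOperations") is True,
        "retention_days": effective_retention_days(override, profile),
        "retention_source": "override" if int(override) > 0 else "profile default",
        "issues": issues,
    }

def main(path, profile):
    import yaml  # PyYAML, needed only to read a real nsp-config.yml
    with open(path, encoding="utf-8") as fh:
        summary = audit_summary(yaml.safe_load(fh) or {}, profile)
    for issue in summary["issues"]:
        print("WARNING:", issue)
    print(f"effective audit retention: {summary['retention_days']} days ({summary['retention_source']})")
    return 1 if summary["issues"] else 0

if __name__ == "__main__":  # usage: python check_audit.py <nsp-config.yml> <deployment-profile>
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

A non-zero exit status means at least one setting is weaker than the example configuration above, which makes the check easy to run from a pre-deploy script.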


Save and deploy updated configuration

Save and close the nsp-config.yml file.


Enter the following to start the NSP cluster:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the nspdeployerctl command, as shown in the following example; you are then prompted for the root password of each cluster member:

nspdeployerctl --ask-pass install --config --deploy

./nspdeployerctl install --config --deploy ↵

The NSP cluster starts, and the configuration update is put into effect.


Close the console window.

End of steps