Audit logs for HA vault

HelenCousins · May 12, 2021, 11:55am

So, I have made an HA vault cluster, backed by Consul. I need audit logs to be collected. I tried
vault audit enable file file_path=/var/log/vault/audit.log
and got

Error enabling audit device: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/audit/file
Code: 400. Errors:

sanity check failed; unable to open “/var/log/vault/audit.log” for writing: mkdir /var/log/vault: permission denied

so I tried
vault audit enable file file_path=/home/vault/audit.log

Error enabling audit device: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/audit/file
Code: 400. Errors:

sanity check failed; unable to open “/home/vault/audit.log” for writing: mkdir /home/vault: permission denied

…

/home/vault on this machine (it is one vault node) is certainly writeable by vault. So maybe it is trying… on some other machine.

I tried

vault audit enable syslog tag=“vault”

and it said it worked, but I see no audit logs in /var/log/syslog

where is it putting logs? How do I see them?

radecki.rafal · May 13, 2021, 4:38pm

It is trying to create the file on master node even if you enable the audit log on any of standby nodes.

tely.diallo · June 25, 2024, 8:41pm

have you solved this issue?

Topic		Replies	Views
Permission denied when i try to vault audit enable file Vault	21	11638	May 17, 2022
Setting up file audit device on HA Vault cluster Vault	6	1937	June 24, 2020
How to enable audit logs in vault cloud? Vault	3	394	September 30, 2021
Vault Audit Log doesn't attempt to use the VAULT_ADDRESS varible Vault	3	825	December 4, 2020
Vault Audit Log - seem not working Vault	1	190	February 26, 2024

Audit logs for HA vault

Related topics