Boundary audit log with event sink does not create files

Hello,
I have been trying to set the events onto Boundary’s controller and worker configuration with files but nothing is created on the path I set.

Here’s the worker events configuration :

events {
  audit_enabled        = true
  observations_enabled = true
  sysevents_enabled    = true

  sink "stderr" {
    name        = "all-events"
    description = "All events sent to stderr"
    event_types = ["*"]
    format      = "cloudevents-json"
  }

  sink {
    name        = "worker-audit-sink"
    description = "All events sent to a file"
    event_types = ["*"]
    format      = "cloudevents-json"

    file {
      path      = "/path/to/audit-logs"
      file_name = "worker-audit.log"
    }

    audit_config {
      audit_filter_overrides {
        secret    = "encrypt"
        sensitive = "hmac-sha256"
      }
    }
  }

And here’s the controller’s one :

  events {
    audit_enabled = true
    observations_enabled = true
    sysevents_enabled = true
    sink "stderr" {
      name = "all-events"
      description = "All events sent to stderr"
      event_types = ["*"]
      format = "hclog-text"
    }
    sink {
      name = "controller-audit-sink"
      description = "Audit sent to a file"
      event_types = ["audit"]
      format = "cloudevents-json"
      file {
        path = "/path/to/audit-logs"
        file_name = "controller-audit.log"
      }
      audit_config {
        audit_filter_overrides {
          secret    = "encrypt"
          sensitive = "hmac-sha256"
        }
      }
    }
    sink {
      name = "auth-sink"
      description = "Authentications sent to a file"
      event_types = ["observation"]
      format = "cloudevents-json"
      allow_filters = [
        "\"/Data/request_info/Path\" contains \":authenticate\""
      ]
      file {
        path = "/path/to/audit-logs"
        file_name = "auth.log"
      }
    }
  }

I just tried following the Event Filtering and Sink Configuration | Boundary - HashiCorp Learn page to try this out, but I haven’t installed ELK, thinking that it won’t be necessary just to get the log files.

I can’t find why the files aren’t created when restarting boundary. The journalctl command does show logs but no files are present on /path/to/audit-logs. I even tried a “chmod 777” on the directory, but still nothing.

When I restart Boundary, I do see this error as it shutdown :

...
[ERROR] encountered an error sending an error event:
 error:=
 5 errors occurred:
* event.(Eventer).retrySend: event not written to enough sinks
* event.(Eventer).retrySend: event not written to enough sinks
* event.(Eventer).retrySend: event not written to enough sinks
* event.(Eventer).retrySend: event not written to enough sinks
* event.(Eventer).retrySend: reached max of 3: too many retries
...

But I don’t know if that could really be related to this problem, because I soon as Boundary is restarted, there is no error like this showned.

Do you have an idea about what I’m doing wrong ?

Thanks in advance for your help !

Is SELinux possibly blocking the write regardless of the permissions? If you su to the Boundary process user, can you write files in that directory?