Config Vault server log as static file

Hi support team,

I use Vault 1.4.2 on CentOS 7.7.
I configured Vault as a systemd service and followed the page (Learn Vault => Operations => Troubleshooting Vault) to configure a static log.

[Service]

ExecStart=/bin/sh -c '/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl -log-level=debug >> /hashicorp/vault/logs/vault.log'

And here I have one question:
The log stops at “Vault server started! Log data will stream in below”
and then there is no log output in vault.log.
The log is output to /var/log/messages. Is there something wrong in my configuration?

==> Vault server configuration:
Api Address: http://10.10.10.10:8200
Cgo: disabled
Cluster Address: https://10.10.10.10:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "10.10.10.10:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: debug
Mlock: supported: true, enabled: true
Recovery Mode: false
Storage: raft (HA available)
Version: Vault v1.4.2
==> Vault server started! Log data will stream in below:

As far as I understand, you are trying to save the Vault logs to a file using:

/bin/sh -c '/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl -log-level=debug >> /hashicorp/vault/logs/vault.log'

but you get only a portion of the logs saved to the file.

Vault uses both stdout and stderr to report its logs. If you would like to save both stderr and stdout messages to a file, you need to redirect them both using the &> operator.
Here are two equivalent examples of how I do it for my Vault dev server:

vault server -dev -log-level="trace" &>  ~/vault.log

and

vault server -dev -log-level="trace" >  ~/vault.log  2>&1

They both are doing the same thing, redirecting the stdout and stderr to a file named vault.log in my home directory.

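Added example, not part of the original posts or of Vault: a POSIX sh sketch of why `>>` alone leaves part of the output out of the file, and why the position of `2>&1` matters. `fake_vault` is a constructed stand-in that assumes the banner goes to stdout and the log lines to stderr, which matches the symptom in the first post; `capture` and its mode names are hypothetical.

```sh
#!/bin/sh
# Constructed stand-in for "vault server": banner on stdout, log lines on
# stderr (assumed split, chosen to match the symptom described in the thread).
fake_vault() {
    echo '==> Vault server started! Log data will stream in below:'
    echo '2020-06-15T13:48:54 [INFO]  constructed log line 1' >&2
    echo '2020-06-15T13:48:55 [DEBUG] constructed log line 2' >&2
}

# capture MODE: run the stand-in with one redirection style and print
# "<lines in vault.log> <lines that went elsewhere>".
# "Elsewhere" plays the role of the journal / /var/log/messages under systemd.
capture() {
    mode=$1
    dir=$(mktemp -d)
    log=$dir/vault.log
    leaked=$dir/leaked
    case $mode in
        # ">> file" only: stderr never reaches the file.
        stdout_only) fake_vault >>"$log" 2>"$leaked" ;;
        # ">> file 2>&1": stderr is pointed at the already-redirected stdout.
        both)        { fake_vault >>"$log" 2>&1; } 2>"$leaked" ;;
        # "2>&1 >> file": stderr is duplicated BEFORE stdout moves, so it
        # still goes to the old stdout and the file gets the banner only.
        wrong_order) { fake_vault 2>&1 >>"$log"; } >"$leaked" ;;
        *) rm -rf "$dir"; echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    in_file=$(($(wc -l <"$log")))
    elsewhere=$(($(wc -l <"$leaked")))
    rm -rf "$dir"
    echo "$in_file $elsewhere"
}

# "&>" is a bash extension; ">> file 2>&1" is the portable spelling.
for m in stdout_only both wrong_order; do
    printf '%-12s file/elsewhere = %s\n' "$m" "$(capture "$m")"
done
```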

Hi martinhristov90,

Thank you for the information.
I tried both of these commands; the error is as below:

Jun 15 13:48:54 VAULTAP systemd[1]: [/etc/systemd/system/vault.service:7] Unknown lvalue ‘StartLimit…Unit’
Jun 15 13:48:54 VAULTAP systemd[1]: [/etc/systemd/system/vault.service:8] Unknown lvalue ‘StartLimit…Unit’
Jun 15 13:48:54 VAULTAP systemd[1]: [/etc/systemd/system/vault.service:22] Trailing garbage, ignoring.
Jun 15 13:48:54 VAULTAP systemd[1]: [/etc/systemd/system/vault.service:30] Unknown lvalue ‘StartLimi…vice’
Jun 15 13:48:54 VAULTAP systemd[1]: vault.service lacks both ExecStart= and ExecStop= setting. Refusing.

Lines 7, 8, 22 and 30 are:
7: StartLimitIntervalSec=60
8: StartLimitBurst=3
22: ExecStart=/bin/sh -c '/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl -log-level="debug" >> /vault/hashicorp/vault/logs/vault.log 2>&1"
30: StartLimitIntervalSec=60

I guess the command is OK if written as a shell script like:

start_vault.sh
#!/bin/bash
nohup /usr/local/bin/vault server -config=/etc/vault.d/vault.hcl -log-level="debug" >> /vault/hashicorp/vault/logs/vault.log 2>&1 &

But as a systemd service it is not OK. I hope Vault will have a “log_file” option like Consul and Nomad.

Hello,

Vault does not support an option such as “log_file” the way Consul does; all of its system logs can be handled by the stdout and stderr streams.
The error you see, I believe, is related to a misconfigured unit file for Vault in systemd. The error is coming from systemd itself. You can use the command sudo systemd-analyze verify YOUR_SERVICE_HERE to verify the validity of the unit files in systemd.

@martinhristov90 Many thanks.
I followed this document to configure my vault.service, but it looks like it does not match my system version.


After I checked 'man systemd.unit' and modified the right 'unit', the service is OK now.