I have 3 vault using raft and I’m trying to coordinate logs audit.
When I do something like :
vault audit enable -path="vault_audit_3" file file_path=audit.log
On my leader node I do have all the logs but I don’t have the logs on my other nodes. Thus when I’m trying to create a new path on my other node ( the followers) nothing is ever wrote. Do you have any idea to fix this ?
If you force a step-down on the leader node does the logging commence on the new leader?
Run vault status on all three nodes individually and make sure one is active and the other two are performanceStandby nodes.
Speaking of “audit” logs only, the leader node should have all of the relevant log entries.
Best practice, since you don’t know when an election could force a change – use a central logs system like graylog or splunk (SaaS) to capture all the logs remotely.
Perfect you answered my question, that’s what I tought only the active leader has audit logs thanks