This is a follow on to Query what tokens have root policy attached.
I am using Vault v1.4.2 on CentOS 7.
The script appears to do what I want on our test vault cluster but when I access our production cluster which has many more tokens I get the following error in the vault logs.
2020-06-08T18:12:44.508Z [ERROR] core: failed to audit response: request_path=auth/token/accessors/ error="1 error occurred:
From my reading this is probably due to the audit device blocking but we are using syslog as our audit device. What I am trying to understand is if my error is happening because of the log mechanism blocking or some other error.
% vault audit list
Path Type Description
---- ---- -----------
syslog/ syslog n/a
If I have to add another audit device, can I do that live? Also, what would a good device be that will not block.