Hey Vault community,
I’m currently setting up audit devices for the first time and have a couple of questions which the documentation couldn’t answer:
- Is there any time limit for how long Vault stores logs?
- Are there any precautionary measurements one can take to prevent an audit device from blocking? (Apart from having multiple devices + alert at high watermark values)
E.g. any way to increase storage?
- To prevent a device from blocking due to non-sufficient capacity, one would export logs from the device to increase available capacity? Are there any other options?
Context: I’m using file & Syslog audit devices.
Any help is much appreciated,