How to prevent audit devices from blocking?

Hey Vault community,

I’m currently setting up audit devices for the first time and have a couple of questions which the documentation couldn’t answer:

  • Is there any time limit for how long Vault stores logs?
  • Are there any precautionary measurements one can take to prevent an audit device from blocking? (Apart from having multiple devices + alert at high watermark values)
    E.g. any way to increase storage?
  • To prevent a device from blocking due to non-sufficient capacity, one would export logs from the device to increase available capacity? Are there any other options?

Context: I’m using file & Syslog audit devices.

Any help is much appreciated,