Is there a way to rotate the audit log? (devided by secret engine!)


I’ll inquire about the vault audit log!

Can the audit log be divided by secret engine?

Currently, the audit log is all accumulated in one file, and I want to divide it by use such as totp and transit.

Is there any way?

Please comment!


The support on audit logging customization is very limited. You can really only write them to a file/socket and rotate files when necessary. Sadly enough no feature to divide is built into Vault.
You would have to provide something yourself for this.

1 Like

Use something like graylog (ELK stack) or splunk as your log accumulator and there you can easily write indexes to divide up your log into whatever you like as well as giving you full search capabilities.