Hello,
I have a 3-node Vault cluster on Oracle Linux VMs.
I am trying to enable audit logs, but it does not seem to be working.
We tried to enable it using Terraform or the Vault CLI; it's activated, but it doesn't write any logs to the file (or create it either).
We also created the file with 644 perms and chowned it to the vault user; that doesn't work either.
Here is the API call showing that it's activated:
```
{
  "file/": {
    "description": "",
    "local": false,
    "options": {
      "file_path": "/tmp/vault_audit.log"
    },
    "path": "file/",
    "type": "file"
  },
  "request_id": "b90c...",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "file/": {
      "description": "",
      "local": false,
      "options": {
        "file_path": "/tmp/vault_audit.log"
      },
      "path": "file/",
      "type": "file"
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
```

```
$ vault audit list -detailed
Path     Type    Description    Replication    Options
----     ----    -----------    -----------    -------
file/    file    n/a            local          file_path=/tmp/vault_audit.log
```
We tried to restart the Vault process, unseal it, generate a few permission denied errors, and log it with a different mechanism, but nothing generates logs.
Any idea what is happening?