mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 23:21:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/audit/file.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

67 lines
2.7 KiB
Plaintext
Raw Permalink Blame History

---
layout: docs
page_title: File - Audit Devices
description: The "file" audit device writes audit logs to a file.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# File audit device
The `file` audit device writes audit logs to a file. This is a very simple audit
device: it appends logs to a file.
The device does not currently assist with any log rotation. There are very
stable and feature-filled log rotation tools already, so we recommend using
existing tools.
Sending a `SIGHUP` to the Vault process will cause `file` audit devices to close
and re-open their underlying file, which can assist with log rotation needs.
## Examples
Enable at the default path:
```shell-session
$ vault audit enable file file_path=/var/log/vault_audit.log
```
Enable at a different path. It is possible to enable multiple copies of an audit
device:
```shell-session
$ vault audit enable -path="vault_audit_1" file file_path=/home/user/vault_audit.log
```
Enable logs on stdout. This is useful when running in a container:
```shell-session
$ vault audit enable file file_path=stdout
```
## Configuration
Note the difference between `audit enable` command options and the `file` backend
configuration options. Use `vault audit enable -help` to see the command options.
The `file` audit device supports the common configuration options documented on
the [main Audit Devices page](/vault/docs/audit#common-configuration-options), and
these device-specific options:
- `file_path` `(string: <required>)` - The path to where the audit log will be
written. If a file already exists at the given path, the audit backend will
append to it. There are some special keywords:
- `stdout` writes the audit log to standard output
- `discard` discards output, instead of writing it to a device (useful in testing scenarios)
- `mode` `(string: "0600")` - A string containing an octal number representing
the bit pattern for the file mode, similar to `chmod`. Set to `"0000"` to
prevent Vault from modifying the file mode.
## Log file rotation
To properly rotate Vault File Audit Device log files on BSD, Darwin, or Linux-based Vault servers, it is important that you configure your log rotation software to send the `vault` process a signal hang up / `SIGHUP` after each rotation of the log file.
Reference in New Issue View Git Blame Copy Permalink