open-vault/website/source/docs/audit/file.html.md

---
layout: "docs"
page_title: "Audit Backend: File"
sidebar_current: "docs-audit-file"
description: |-
  The "file" audit backend writes audit logs to a file.
---

# Audit Backend: File

The `file` audit backend writes audit logs to a file. This is a very simple audit
backend: it appends logs to a file. It does not currently assist with any log rotation.

## Format

Each line in the audit log is a JSON object. The `type` field specifies what type of
object it is. Currently, only two types exist: `request` and `response`. The line contains
all of the information for any given request and response. By default, all the sensitive
information is first hashed before logging in the audit logs.

## Enabling

#### Via the CLI

Audit `file` backend can be enabled by the following command.

```
$ vault audit-enable file path=/var/log/vault_audit.log
```

Any number of `file` audit logs can be created by enabling it with different `id`s.

```
$ vault audit-enable -id="vault_audit_1" file path=/home/user/vault_audit.log
```

Note the difference between `audit-enable` command options and the `file` backend
configuration options. Use `vault audit-enable -help` to see the command options.
Following are the configuration options available for the backend.

<dl class="api">
  <dt>Backend configuration options</dt>
  <dd>
    <ul>
      <li>
        <span class="param">path</span>
        <span class="param-flags">required</span>
            The path to where the audit log will be written. If this
            path exists, the audit backend will append to it.
      </li>
      <li>
        <span class="param">log_raw</span>
        <span class="param-flags">optional</span>
            A boolean, if set, logs the security sensitive information without
            hashing, in the raw format. Defaults to `false`.
      </li>
      <li>
        <span class="param">hash_accessor</span>
        <span class="param-flags">optional</span>
            A boolean, if set, skips the hashing of token accessor. This option
            is useful only when `log_raw` is `false`.
      </li>
    </ul>
  </dd>
</dl>
website: audit backends 2015-04-20 05:59:39 +00:00			`---`
			`layout: "docs"`
			`page_title: "Audit Backend: File"`
			`sidebar_current: "docs-audit-file"`
			`description: \|-`
			`The "file" audit backend writes audit logs to a file.`
			`---`

			`# Audit Backend: File`

Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			The `file` audit backend writes audit logs to a file. This is a very simple audit
			`backend: it appends logs to a file. It does not currently assist with any log rotation.`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`## Format`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			Each line in the audit log is a JSON object. The `type` field specifies what type of
			object it is. Currently, only two types exist: `request` and `response`. The line contains
Remove redundant variables 2016-03-12 02:27:43 +00:00			`all of the information for any given request and response. By default, all the sensitive`
			`information is first hashed before logging in the audit logs.`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`## Enabling`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`#### Via the CLI`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			Audit `file` backend can be enabled by the following command.
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			```
			`$ vault audit-enable file path=/var/log/vault_audit.log`
			```

			Any number of `file` audit logs can be created by enabling it with different `id`s.
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			```
Remove redundant variables 2016-03-12 02:27:43 +00:00			`$ vault audit-enable -id="vault_audit_1" file path=/home/user/vault_audit.log`
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			```
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			Note the difference between `audit-enable` command options and the `file` backend
			configuration options. Use `vault audit-enable -help` to see the command options.
			`Following are the configuration options available for the backend.`
website: audit backends 2015-04-20 05:59:39 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`<dl class="api">`
			`<dt>Backend configuration options</dt>`
			`<dd>`
			`<ul>`
			`<li>`
			`<span class="param">path</span>`
			`<span class="param-flags">required</span>`
			`The path to where the audit log will be written. If this`
			`path exists, the audit backend will append to it.`
			`</li>`
			`<li>`
			`<span class="param">log_raw</span>`
			`<span class="param-flags">optional</span>`
			`A boolean, if set, logs the security sensitive information without`
			hashing, in the raw format. Defaults to `false`.
			`</li>`
			`<li>`
			`<span class="param">hash_accessor</span>`
			`<span class="param-flags">optional</span>`
			`A boolean, if set, skips the hashing of token accessor. This option`
			is useful only when `log_raw` is `false`.
			`</li>`
			`</ul>`
			`</dd>`
			`</dl>`
audit/file: add log_raw parameter and default to hashing 2015-04-27 21:28:02 +00:00