open-vault/website/source/docs/audit/syslog.html.md

---
layout: "docs"
page_title: "Audit Backend: Syslog"
sidebar_current: "docs-audit-syslog"
description: |-
  The "syslog" audit backend writes audit logs to syslog.
---

# Audit Backend: Syslog

The `syslog` audit backend writes audit logs to syslog.

It currently does not support a configurable syslog destination, and always
sends to the local agent. This backend is only supported on Unix systems,
and should not be enabled if any standby Vault instances do not support it.

## Format

Each line in the audit log is a JSON object. The `type` field specifies what type of
object it is. Currently, only two types exist: `request` and `response`. The line contains
all of the information for any given request and response. By default, all the sensitive
information is first hashed before logging in the audit logs.

## Enabling

#### Via the CLI

Audit `syslog` backend can be enabled by the following command.

```
$ vault audit-enable syslog
```

Backend configuration options can also be provided from command-line.

```
$ vault audit-enable syslog tag="vault" facility="AUTH"
```

Following are the configuration options available for the backend.

<dl class="api">
  <dt>Backend configuration options</dt>
  <dd>
    <ul>
      <li>
        <span class="param">facility</span>
        <span class="param-flags">optional</span>
            The syslog facility to use. Defaults to `AUTH`.
      </li>
      <li>
        <span class="param">tag</span>
        <span class="param-flags">optional</span>
            The syslog tag to use. Defaults to `vault`.
      </li>
      <li>
        <span class="param">log_raw</span>
        <span class="param-flags">optional</span>
            A boolean, if set, logs the security sensitive information without
            hashing, in the raw format. Defaults to `false`.
      </li>
      <li>
        <span class="param">hmac_accessor</span>
        <span class="param-flags">optional</span>
            A boolean, if set, enables the hashing of token accessor. Defaults to `true`. This option
            is useful only when `log_raw` is `false`.
      </li>
    </ul>
  </dd>
</dl>
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`---`
			`layout: "docs"`
			`page_title: "Audit Backend: Syslog"`
			`sidebar_current: "docs-audit-syslog"`
			`description: \|-`
			`The "syslog" audit backend writes audit logs to syslog.`
			`---`

			`# Audit Backend: Syslog`

Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			The `syslog` audit backend writes audit logs to syslog.
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`It currently does not support a configurable syslog destination, and always`
			`sends to the local agent. This backend is only supported on Unix systems,`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`and should not be enabled if any standby Vault instances do not support it.`

Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`## Format`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			Each line in the audit log is a JSON object. The `type` field specifies what type of
			object it is. Currently, only two types exist: `request` and `response`. The line contains
Remove redundant variables 2016-03-12 02:27:43 +00:00			`all of the information for any given request and response. By default, all the sensitive`
			`information is first hashed before logging in the audit logs.`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`## Enabling`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`#### Via the CLI`

			Audit `syslog` backend can be enabled by the following command.

			```
			`$ vault audit-enable syslog`
			```
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`Backend configuration options can also be provided from command-line.`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			```
			`$ vault audit-enable syslog tag="vault" facility="AUTH"`
			```
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`Following are the configuration options available for the backend.`
audit/file: add log_raw parameter and default to hashing 2015-04-27 21:28:02 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`<dl class="api">`
			`<dt>Backend configuration options</dt>`
			`<dd>`
			`<ul>`
			`<li>`
			`<span class="param">facility</span>`
			`<span class="param-flags">optional</span>`
			The syslog facility to use. Defaults to `AUTH`.
			`</li>`
			`<li>`
			`<span class="param">tag</span>`
			`<span class="param-flags">optional</span>`
			The syslog tag to use. Defaults to `vault`.
			`</li>`
			`<li>`
			`<span class="param">log_raw</span>`
			`<span class="param-flags">optional</span>`
			`A boolean, if set, logs the security sensitive information without`
			hashing, in the raw format. Defaults to `false`.
			`</li>`
			`<li>`
s/hash_accessor/hmac_accessor/g 2016-03-14 18:52:29 +00:00			`<span class="param">hmac_accessor</span>`
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`<span class="param-flags">optional</span>`
Fix audit docs 2016-03-30 04:54:40 +00:00			A boolean, if set, enables the hashing of token accessor. Defaults to `true`. This option
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			is useful only when `log_raw` is `false`.
			`</li>`
			`</ul>`
			`</dd>`
			`</dl>`