2015-04-20 05:59:39 +00:00
|
|
|
---
|
|
|
|
|
layout: "docs"
|
|
|
|
|
page_title: "Audit Backend: File"
|
|
|
|
|
sidebar_current: "docs-audit-file"
|
|
|
|
|
description: |-
|
|
|
|
|
The "file" audit backend writes audit logs to a file.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# Audit Backend: File
|
|
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
The `file` audit backend writes audit logs to a file. This is a very simple audit
|
|
|
|
|
backend: it appends logs to a file. It does not currently assist with any log rotation.
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
## Format
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
Each line in the audit log is a JSON object. The `type` field specifies what type of
|
|
|
|
|
object it is. Currently, only two types exist: `request` and `response`. The line contains
|
2016-03-12 02:27:43 +00:00
|
|
|
all of the information for any given request and response. By default, all the sensitive
|
|
|
|
|
information is first hashed before logging in the audit logs.
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
## Enabling
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
#### Via the CLI
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
Audit `file` backend can be enabled by the following command.
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
```
|
2016-03-14 21:15:07 +00:00
|
|
|
$ vault audit-enable file file_path=/var/log/vault_audit.log
|
2016-03-12 02:14:39 +00:00
|
|
|
```
|
|
|
|
|
|
2016-03-14 21:15:07 +00:00
|
|
|
Any number of `file` audit logs can be created by enabling it with different `path`s.
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
```
|
2016-03-14 21:15:07 +00:00
|
|
|
$ vault audit-enable -path="vault_audit_1" file file_path=/home/user/vault_audit.log
|
2016-03-12 02:14:39 +00:00
|
|
|
```
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
Note the difference between `audit-enable` command options and the `file` backend
|
|
|
|
|
configuration options. Use `vault audit-enable -help` to see the command options.
|
|
|
|
|
Following are the configuration options available for the backend.
|
2015-04-20 05:59:39 +00:00
|
|
|
|
2016-03-12 02:14:39 +00:00
|
|
|
<dl class="api">
|
|
|
|
|
<dt>Backend configuration options</dt>
|
|
|
|
|
<dd>
|
|
|
|
|
<ul>
|
|
|
|
|
<li>
|
2016-03-14 21:15:07 +00:00
|
|
|
<span class="param">file_path</span>
|
2016-03-12 02:14:39 +00:00
|
|
|
<span class="param-flags">required</span>
|
|
|
|
|
The path to where the audit log will be written. If this
|
|
|
|
|
path exists, the audit backend will append to it.
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<span class="param">log_raw</span>
|
|
|
|
|
<span class="param-flags">optional</span>
|
|
|
|
|
A boolean, if set, logs the security sensitive information without
|
|
|
|
|
hashing, in the raw format. Defaults to `false`.
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
2016-03-14 18:52:29 +00:00
|
|
|
<span class="param">hmac_accessor</span>
|
2016-03-12 02:14:39 +00:00
|
|
|
<span class="param-flags">optional</span>
|
|
|
|
|
A boolean, if set, skips the hashing of token accessor. This option
|
|
|
|
|
is useful only when `log_raw` is `false`.
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</dd>
|
|
|
|
|
</dl>
|
2015-04-27 21:28:02 +00:00
|
|
|
|
