open-vault/website/source/docs/audit/syslog.html.md

---
layout: "docs"
page_title: "Syslog - Audit Devices"
sidebar_current: "docs-audit-syslog"
description: |-
  The "syslog" audit device writes audit logs to syslog.
---

# Syslog Audit Device

The `syslog` audit device writes audit logs to syslog.

It currently does not support a configurable syslog destination, and always
sends to the local agent. This device is only supported on Unix systems,
and should not be enabled if any standby Vault instances do not support it.

## Examples

Audit `syslog` device can be enabled by the following command:

```text
$ vault audit enable syslog
```

Supply configuration parameters via K=V pairs:

```text
$ vault audit enable syslog tag="vault" facility="AUTH"
```

## Configuration

- `facility` `(string: "AUTH")` - The syslog facility to use.

- `tag` `(string: "vault")` - The syslog tag to use.

- `log_raw` `(bool: false)` - If enabled, logs the security sensitive
  information without hashing, in the raw format.

- `hmac_accessor` `(bool: true)` - If enabled, enables the hashing of token
  accessor.

- `mode` `(string: "0600")` - A string containing an octal number representing
  the bit pattern for the file mode, similar to `chmod`.

- `format` `(string: "json")` - Allows selecting the output format. Valid values
  are `"json"` and `"jsonx"`, which formats the normal log entries as XML.

- `prefix` `(string: "")` - A customizable string prefix to write before the
  actual log line.
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`---`
			`layout: "docs"`
Audit backend -> device 2017-09-08 02:38:47 +00:00			`page_title: "Syslog - Audit Devices"`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`sidebar_current: "docs-audit-syslog"`
			`description: \|-`
Audit backend -> device 2017-09-08 02:38:47 +00:00			`The "syslog" audit device writes audit logs to syslog.`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`---`

Audit backend -> device 2017-09-08 02:38:47 +00:00			`# Syslog Audit Device`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			The `syslog` audit device writes audit logs to syslog.
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			`It currently does not support a configurable syslog destination, and always`
Audit backend -> device 2017-09-08 02:38:47 +00:00			`sends to the local agent. This device is only supported on Unix systems,`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00			`and should not be enabled if any standby Vault instances do not support it.`

Audit backend -> device 2017-09-08 02:38:47 +00:00			`## Examples`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			Audit `syslog` device can be enabled by the following command:
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			```text
			`$ vault audit enable syslog`
			```
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			`Supply configuration parameters via K=V pairs:`
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			```text
			`$ vault audit enable syslog tag="vault" facility="AUTH"`
Doc update for syslog and file backends 2016-03-12 02:14:39 +00:00			```
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			`## Configuration`
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			- `facility` `(string: "AUTH")` - The syslog facility to use.

			- `tag` `(string: "vault")` - The syslog tag to use.

			- `log_raw` `(bool: false)` - If enabled, logs the security sensitive
			`information without hashing, in the raw format.`

			- `hmac_accessor` `(bool: true)` - If enabled, enables the hashing of token
			`accessor.`

			- `mode` `(string: "0600")` - A string containing an octal number representing
			the bit pattern for the file mode, similar to `chmod`.

			- `format` `(string: "json")` - Allows selecting the output format. Valid values
			are `"json"` and `"jsonx"`, which formats the normal log entries as XML.
website: Adding the syslog audit backend 2015-04-24 18:44:16 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			- `prefix` `(string: "")` - A customizable string prefix to write before the
			`actual log line.`