open-vault/website/content/docs/audit/socket.mdx

---
layout: docs
page_title: Socket - Audit Devices
description: The "socket" audit device writes audit writes to a TCP or UDP socket.
---

# Socket Audit Device

The `socket` audit device writes to a TCP, UDP, or UNIX socket.

~> **Warning:** Due to the nature of the underlying protocols used in this
device there exists a case when the connection to a socket is lost a single
audit entry could be omitted from the logs and the request will still succeed.
Using this device in conjunction with another audit device will help to improve
accuracy, but the socket device should not be used if strong guarantees are
needed for audit logs.

## Enabling

Enable at the default path:

```shell-session
$ vault audit enable socket
```

Supply configuration parameters via K=V pairs:

```shell-session
$ vault audit enable socket address=127.0.0.1:9090 socket_type=tcp
```

## Configuration

- `address` `(string: "")` - The socket server address to use. Example
  `127.0.0.1:9090` or `/tmp/audit.sock`.

- `socket_type` `(string: "tcp")` - The socket type to use, any type compatible
  with <a href="https://golang.org/pkg/net/#Dial">net.Dial</a> is acceptable.

- `log_raw` `(bool: false)` - If enabled, logs the security sensitive
  information without hashing, in the raw format.

- `hmac_accessor` `(bool: true)` - If enabled, enables the hashing of token
  accessor.

- `mode` `(string: "0600")` - A string containing an octal number representing
  the bit pattern for the file mode, similar to `chmod`.

- `format` `(string: "json")` - Allows selecting the output format. Valid values
  are `"json"` and `"jsonx"`, which formats the normal log entries as XML.

- `prefix` `(string: "")` - A customizable string prefix to write before the
  actual log line.
add socket audit backend 2016-12-07 04:35:30 +00:00			`---`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`layout: docs`
			`page_title: Socket - Audit Devices`
			`description: The "socket" audit device writes audit writes to a TCP or UDP socket.`
add socket audit backend 2016-12-07 04:35:30 +00:00			`---`

Audit backend -> device 2017-09-08 02:38:47 +00:00			`# Socket Audit Device`
add socket audit backend 2016-12-07 04:35:30 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			The `socket` audit device writes to a TCP, UDP, or UNIX socket.
add socket audit backend 2016-12-07 04:35:30 +00:00
Audit backend -> device 2017-09-08 02:38:47 +00:00			`~> Warning: Due to the nature of the underlying protocols used in this`
			`device there exists a case when the connection to a socket is lost a single`
			`audit entry could be omitted from the logs and the request will still succeed.`
			`Using this device in conjunction with another audit device will help to improve`
			`accuracy, but the socket device should not be used if strong guarantees are`
			`needed for audit logs.`
add socket audit backend 2016-12-07 04:35:30 +00:00
			`## Enabling`

Audit backend -> device 2017-09-08 02:38:47 +00:00			`Enable at the default path:`
add socket audit backend 2016-12-07 04:35:30 +00:00
🌷 Docs Website Maintenance (#8985) * website maintenance round * improve docs, revert bug workaround as it was fixed * boost memory * remove unnecessary code 2020-05-21 17:18:17 +00:00			```shell-session
Audit backend -> device 2017-09-08 02:38:47 +00:00			`$ vault audit enable socket`
add socket audit backend 2016-12-07 04:35:30 +00:00			```

Audit backend -> device 2017-09-08 02:38:47 +00:00			`Supply configuration parameters via K=V pairs:`
add socket audit backend 2016-12-07 04:35:30 +00:00
🌷 Docs Website Maintenance (#8985) * website maintenance round * improve docs, revert bug workaround as it was fixed * boost memory * remove unnecessary code 2020-05-21 17:18:17 +00:00			```shell-session
Audit backend -> device 2017-09-08 02:38:47 +00:00			`$ vault audit enable socket address=127.0.0.1:9090 socket_type=tcp`
add socket audit backend 2016-12-07 04:35:30 +00:00			```

Audit backend -> device 2017-09-08 02:38:47 +00:00			`## Configuration`

			- `address` `(string: "")` - The socket server address to use. Example
			`127.0.0.1:9090` or `/tmp/audit.sock`.

			- `socket_type` `(string: "tcp")` - The socket type to use, any type compatible
			`with <a href="https://golang.org/pkg/net/#Dial">net.Dial</a> is acceptable.`

			- `log_raw` `(bool: false)` - If enabled, logs the security sensitive
			`information without hashing, in the raw format.`

			- `hmac_accessor` `(bool: true)` - If enabled, enables the hashing of token
			`accessor.`

			- `mode` `(string: "0600")` - A string containing an octal number representing
			the bit pattern for the file mode, similar to `chmod`.

			- `format` `(string: "json")` - Allows selecting the output format. Valid values
			are `"json"` and `"jsonx"`, which formats the normal log entries as XML.

			- `prefix` `(string: "")` - A customizable string prefix to write before the
			`actual log line.`