--- layout: "api" page_title: "/sys/audit - HTTP API" sidebar_current: "docs-http-system-audit/" description: |- The `/sys/audit` endpoint is used to enable and disable audit backends. --- # `/sys/audit` The `/sys/audit` endpoint is used to list, mount, and unmount audit backends. Audit backends must be enabled before use, and more than one backend may be enabled at a time. ## List Mounted Audit Backends This endpoint lists only the mounted audit backends (it does not list all available audit backends). - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. | Method | Path | Produces | | :------- | :--------------------------- | :--------------------- | | `GET` | `/sys/audit` | `200 application/json` | ### Sample Request ``` $ curl \ --header "X-Vault-Token: ..." \ https://vault.rocks/v1/sys/audit ``` ### Sample Response ```javascript { "file": { "type": "file", "description": "Store logs in a file", "options": { "path": "/var/log/vault.log" } } } ``` ## Mount Audit Backend This endpoint mounts a new audit backend at the supplied path. The path can be a single word name or a more complex, nested path. - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. | Method | Path | Produces | | :------- | :--------------------------- | :--------------------- | | `PUT` | `/sys/audit/:path` | `204 (empty body)` | ### Parameters - `path` `(string: )` – Specifies the path in which to mount the audit backend. This is part of the request URL. - `description` `(string: "")` – Specifies a human-friendly description of the audit backend. - `options` `(map: nil)` – Specifies configuration options to pass to the audit backend itself. This is dependent on the audit backend type. - `type` `(string: )` – Specifies the type of the audit backend. ### Sample Payload ```json { "type": "file", "options": { "path": "/var/log/vault/log" } } ``` ### Sample Request ``` $ curl \ --header "X-Vault-Token: ..." \ --request PUT \ --data @payload.json \ https://vault.rocks/v1/sys/audit/example-audit ``` ## Unmount Audit Backend This endpoint un-mounts the audit backend at the given path. - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. | Method | Path | Produces | | :------- | :--------------------------- | :--------------------- | | `DELETE` | `/sys/audit/:path` | `204 (empty body)` | ### Parameters - `path` `(string: )` – Specifies the path of the audit backend to delete. This is part of the request URL. ### Sample Request ``` $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ https://vault.rocks/v1/sys/audit/example-audit ```