open-vault/website/content/docs/audit/socket.mdx
2022-05-18 08:26:25 -07:00

53 lines
2.3 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: docs
page_title: Socket - Audit Devices
description: The "socket" audit device writes audit writes to a TCP or UDP socket.
---
# Socket Audit Device
The `socket` audit device writes to a TCP, UDP, or UNIX socket.
~> **Warning:** The loss of audit logs may occur when using the UDP socket audit type. Because UDP socket audit type is connectionless, meaning the UDP endpoint becomes unavailable, its possible that any number of audit logs written to it may get lost, even though the request will still succeed. Vault does not provide an indication for the loss of audit logs. Therefore, we recommend using your device in conjunction with a secondary “non-socket” audit device to ensure accuracy and to guarantee that audit logs will not be lost.
~> **Warning:** When using a TCP socket audit type, and connection loss to the socket occurs, a single audit entry may be omitted from the audit entry. The request from the TCP socket audit type will succeed despite the omission of the audit entry.
## Enabling
Enable at the default path:
```shell-session
$ vault audit enable socket
```
Supply configuration parameters via K=V pairs:
```shell-session
$ vault audit enable socket address=127.0.0.1:9090 socket_type=tcp
```
## Configuration
- `address` `(string: "")` - The socket server address to use. Example
`127.0.0.1:9090` or `/tmp/audit.sock`.
- `socket_type` `(string: "tcp")` - The socket type to use, any type compatible
with <a href="https://golang.org/pkg/net/#Dial">net.Dial</a> is acceptable. It's
important to note if TCP is used and the destination socket becomes unavailable
Vault may become unresponsive per [Blocked Audit Devices](docs/audit/#blocked-audit-devices).
- `log_raw` `(bool: false)` - If enabled, logs the security sensitive
information without hashing, in the raw format.
- `hmac_accessor` `(bool: true)` - If enabled, enables the hashing of token
accessor.
- `mode` `(string: "0600")` - A string containing an octal number representing
the bit pattern for the file mode, similar to `chmod`.
- `format` `(string: "json")` - Allows selecting the output format. Valid values
are `"json"` and `"jsonx"`, which formats the normal log entries as XML.
- `prefix` `(string: "")` - A customizable string prefix to write before the
actual log line.