slawek/vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update audit logging instructions and add Alloy configuration for monitoring

Browse Source
This commit is contained in:
Sławek Koszewski
2026-01-18 11:55:08 +01:00
parent dfa2ab5334
commit 54dd1e4e4f
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@@ -116,9 +116,9 @@ To enhance security and monitoring, enable audit logging on the KMS Vault:
```shell
mkdir -p /var/log/vault
chown -R vault:vault /var/log/vault
chmod 750 /var/log/vault
vault audit enable file file_path=/var/log/vault/audit.log
chown -R vault:adm /var/log/vault
chmod 02750 /var/log/vault
vault audit enable file file_path="/var/log/vault/audit.log" mode="0640"
```
Then monitor the audit log online:
@@ -133,6 +133,17 @@ or offline:
jq -r '. | select(.type == "response") | [ .time, .request.path, .request.operation, .request.remote_address] | @tsv' /var/log/vault/audit.log | column -t -N "time,path,operation,remote_addr"
```
or using Alloy and Grafana. To use Alloy, add the following configuration to `config.alloy`:
```hcl
loki.source.file "vault_audit_log" {
targets = [
{"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"},
]
forward_to = [loki.write.default.receiver]
}
```
### Main Vault Configuration
Depending on main Vault state (new or existing), some of the following steps are mutually exclusive.