Update audit logging instructions and add Alloy configuration for monitoring

2026-01-18 11:55:08 +01:00
parent dfa2ab5334
commit 54dd1e4e4f


@@ -116,9 +116,9 @@ To enhance security and monitoring, enable audit logging on the KMS Vault:
```shell ```shell
mkdir -p /var/log/vault mkdir -p /var/log/vault
chown -R vault:vault /var/log/vault chown -R vault:adm /var/log/vault
chmod 750 /var/log/vault chmod 02750 /var/log/vault
vault audit enable file file_path=/var/log/vault/audit.log vault audit enable file file_path="/var/log/vault/audit.log" mode="0640"
``` ```
Then monitor the audit log online: Then monitor the audit log online:
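Review bot: The new `chown -R vault:adm`, `chmod 02750` and `mode="0640"` lines together give every member of the `adm` group read access to the audit log, but the README text around them does not say so or explain why. Add a sentence stating that the group is opened up so a log shipper can read the file, and that the shipper's service account has to be a member of `adm`. Since this is a widening of access to audit data, it should be a documented choice rather than a side effect of the commands. It would also help to note what a reader who already followed the old instructions must do: an `audit.log` created earlier as `vault:vault` keeps its owner and mode, and the `vault audit enable` line cannot simply be re-run to apply `mode` while the device is already enabled on that path.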
@@ -133,6 +133,17 @@ or offline:
jq -r '. | select(.type == "response") | [ .time, .request.path, .request.operation, .request.remote_address] | @tsv' /var/log/vault/audit.log | column -t -N "time,path,operation,remote_addr" jq -r '. | select(.type == "response") | [ .time, .request.path, .request.operation, .request.remote_address] | @tsv' /var/log/vault/audit.log | column -t -N "time,path,operation,remote_addr"
``` ```
or using Alloy and Grafana. To use Alloy, add the following configuration to `config.alloy`:
```hcl
loki.source.file "vault_audit_log" {
targets = [
{"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"},
]
forward_to = [loki.write.default.receiver]
}
```
### Main Vault Configuration ### Main Vault Configuration
Depending on main Vault state (new or existing), some of the following steps are mutually exclusive. Depending on main Vault state (new or existing), some of the following steps are mutually exclusive.
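Review bot: In the added Alloy block, `forward_to = [loki.write.default.receiver]` refers to a `loki.write "default"` component that is not shown or mentioned, so the snippet will not load in a `config.alloy` that lacks one. Either state that the block assumes an existing `loki.write "default"` definition or include a minimal one with a placeholder endpoint. The text should also say that Alloy needs read access to `/var/log/vault/audit.log` and point back to the `adm` group and `mode="0640"` setup from the audit logging step, since the two changes only work together. A style point: the `jq` example above filters on `.type == "response"`, while this source ships every entry, so it is worth saying whether request entries are meant to reach Loki as well.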