File audit backend: log to stdout feature #2936

Closed
jpds opened this issue Jun 29, 2017 · 4 comments

@jpds
Contributor

jpds commented Jun 29, 2017

I'm running vault with a Kubernetes environment. It'd be neat if the vault file audit backend could have an option to simply log to stdout so that the logs are captured by Kubernetes itself (which could later be hoovered up by something like fluentd).

I've tried having vault log to /dev/stdout in the container, however that doesn't seem to write to the container log.

@jefferai
Member

jefferai commented Jul 1, 2017

/dev/stdout not working isn't a Vault issue, it's a Docker issue. See moby/moby#19616

jefferai closed this as completed Jul 1, 2017

@tallpauley
Contributor

@jefferai It is an ongoing Docker issue, particularly when the container runs as non-root, which Vault does (and should from my understanding). The only workable solution I could find is making a named pipe and streaming this to stdout. This isn't ideal since we need a modified startup script, which needs to supervise vault and the process streaming the named pipe to stdout. There are other approaches like just writing to a shared dir, and having sidecars do rotation & log-forwarding, but this was way over-complicated. I discuss what I tried here:
https://github.com/tallpauley/kubernetes-examples/tree/master/vault_audit

Are there ideological and/or technical reasons that Vault couldn't just have a stdout backend?

@jefferai
Member

No technical reason, and no ideological reason other than it really doesn't need to be its own backend, just a special casing within the file backend, e.g. a file path of "-" means use stdout. If you want to open up a feature request, or work on it yourself, please do so against the Vault repo as this tracker is really for issues with the container itself.

@tallpauley
Contributor

@jpds, #3235 adds stdout support to file audit backend
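
The named-pipe workaround tallpauley describes above, written as a container entrypoint (an added example, not code from this thread or from the linked repository). The function name, the `AUDIT_FIFO` variable and the paths are assumptions, and Vault's file audit device is assumed to have its `file_path` set to the same FIFO.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux and a Vault file audit
# device whose file_path is the FIFO given as the first argument.

# run_with_audit_relay FIFO CMD [ARGS...]
# Copies everything written to FIFO onto stdout while CMD runs; returns
# CMD's exit status.
run_with_audit_relay() {
    fifo=$1; shift
    rm -f "$fifo"
    mkfifo -m 600 "$fifo" || return 1   # audit entries: owner-only

    # fd 3 (read-write) keeps a writer open so the relay sees EOF only when
    # we close it; fd 4 is the relay's read end, opened before CMD starts.
    exec 3<>"$fifo" 4<"$fifo"

    "$@" 3>&- 4>&- &
    child=$!
    trap 'kill -TERM "$child" 2>/dev/null' TERM INT

    # If the relay ever stops, stop CMD too, so the container restarts
    # instead of running with audit entries going nowhere.
    { cat <&4; kill -TERM "$child" 2>/dev/null || :; } 3>&- &
    relay=$!

    status=0
    wait "$child" || status=$?
    # A trapped signal interrupts wait; wait again for the real status.
    while [ "$status" -gt 128 ] && kill -0 "$child" 2>/dev/null; do
        status=0
        wait "$child" || status=$?
    done

    exec 3>&- 4<&-     # last writer closed: cat drains the pipe, then EOF
    wait "$relay" || :
    rm -f "$fifo"
    return "$status"
}

# Entrypoint use (assumed paths): entrypoint.sh vault server -config=/vault/config
if [ "$#" -gt 0 ]; then
    run_with_audit_relay "${AUDIT_FIFO:-/vault/audit/audit.fifo}" "$@"
    exit $?
fi
```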
