diff --git a/builtin/audit/file/backend.go b/builtin/audit/file/backend.go
index 4f39cc7bfb8f..bd1312afc031 100644
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@@ -5,6 +5,7 @@ import (
"os"
"path/filepath"
"strconv"
+ "strings"
"sync"
"github.com/hashicorp/vault/audit"
@@ -28,6 +29,11 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
}
}
+ // normalize path if configured for stdout
+ if strings.ToLower(path) == "stdout" {
+ path = "stdout"
+ }
+
format, ok := conf.Config["format"]
if !ok {
format = "json"
@@ -92,11 +98,16 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
}
}
- // Ensure that the file can be successfully opened for writing;
- // otherwise it will be too late to catch later without problems
- // (ref: https://github.com/hashicorp/vault/issues/550)
- if err := b.open(); err != nil {
- return nil, fmt.Errorf("sanity check failed; unable to open %s for writing: %v", path, err)
+ switch path {
+ case "stdout":
+ // no need to test opening file if outputting to stdout
+ default:
+ // Ensure that the file can be successfully opened for writing;
+ // otherwise it will be too late to catch later without problems
+ // (ref: https://github.com/hashicorp/vault/issues/550)
+ if err := b.open(); err != nil {
+ return nil, fmt.Errorf("sanity check failed; unable to open %s for writing: %v", path, err)
+ }
}
return b, nil
@@ -155,6 +166,10 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
b.fileLock.Lock()
defer b.fileLock.Unlock()
+ if b.path == "stdout" {
+ return b.formatter.FormatRequest(os.Stdout, b.formatConfig, auth, req, outerErr)
+ }
+
if err := b.open(); err != nil {
return err
}
@@ -183,6 +198,10 @@ func (b *Backend) LogResponse(
b.fileLock.Lock()
defer b.fileLock.Unlock()
+ if b.path == "stdout" {
+ return b.formatter.FormatResponse(os.Stdout, b.formatConfig, auth, req, resp, err)
+ }
+
if err := b.open(); err != nil {
return err
}
@@ -232,6 +251,10 @@ func (b *Backend) open() error {
}
func (b *Backend) Reload() error {
+ if b.path == "stdout" {
+ return nil
+ }
+
b.fileLock.Lock()
defer b.fileLock.Unlock()
diff --git a/website/source/docs/audit/file.html.md b/website/source/docs/audit/file.html.md
index 087b37758f3f..c7940701943b 100644
--- a/website/source/docs/audit/file.html.md
+++ b/website/source/docs/audit/file.html.md
@@ -56,7 +56,7 @@ Following are the configuration options available for the backend.
file_path
required
The path to where the audit log will be written. If this
- path exists, the audit backend will append to it.
+ path exists, the audit backend will append to it. Specify `"stdout"` to write audit log to **stdout**.
log_raw