How logrotate is used is at the discretion of your system administrator; the suggestions below are guidance only. This article explains how to rotate Vault's audit logs when the systemd ExecStart runs a shell that in turn starts Vault, so that Vault runs as a child process of that shell, and implementing the
Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

Normally, logrotate is run as a daily cron job. It will not modify a log more than once in one day unless the criterion for that log is based on the log's size and logrotate is being run more than once each day, or unless the --force option is used.
Log rotation of Vault's audit log:

- Send a SIGHUP to the Vault process and the file audit device will close and re-open the underlying file, which can assist with log rotation needs. Note this is not possible when Vault is started as a child process, because the signal is delivered to the shell rather than to Vault.
- If you are running a shell in your systemd startup, and using logrotate, there is a copytruncate parameter that can be used to rotate Vault's audit log files.
copytruncate: Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place. The copytruncate option allows storing rotated log files on different devices using the olddir directive. The copytruncate option implies
logrotate config using
#Do not execute rotate if the log file is empty.
#Set compress on next rotate cycle to prevent entry loss when performing compression.
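The following is an added example, not part of the original article or of Vault's own code. It shows why copytruncate matters for a writer that can never be told to reopen its log (the child-process case above, where SIGHUP never reaches Vault): it simulates a process holding its audit log open in append mode, rotates once by copy-then-truncate and once by plain rename, and reports where each log entry ended up. It also carries an assumed logrotate stanza for the audit log, with notifempty and delaycompress standing in for the two comments in the config fragment above; the path /var/log/vault/audit.log and the stanza itself are placeholders, not taken from the article. The simulated writer opens its file in append mode, which is what a log writer should do for copytruncate to be safe; a writer without O_APPEND would keep its old offset after the truncate and leave a NUL-filled hole at the start of the file.

```python
"""Added example (not from the original article): simulate what logrotate's
copytruncate does to a log that another process keeps open in append mode,
and contrast it with move-then-create rotation, which silently diverts all
later writes into the rotated file when the writer cannot reopen."""
import os
import shutil
import tempfile

# Assumed logrotate stanza for a Vault audit log. The path is a placeholder.
# notifempty and delaycompress match the two comments in the article's
# config fragment; copytruncate is the directive the article is about.
VAULT_AUDIT_LOGROTATE = """\
/var/log/vault/audit.log {
    daily
    rotate 14
    missingok
    notifempty
    compress
    delaycompress
    copytruncate
}
"""

# Directives that must be present when Vault runs as a child process and
# cannot be signalled to reopen its audit file.
REQUIRED = ("copytruncate", "notifempty", "delaycompress")


def directives(stanza: str) -> set:
    """Return the directive names found inside the braces of a logrotate stanza."""
    body = stanza[stanza.index("{") + 1 : stanza.rindex("}")]
    return {line.split()[0] for line in body.splitlines() if line.strip()}


def missing_directives(stanza: str, required=REQUIRED) -> list:
    """Which of the required directives the stanza does not contain."""
    have = directives(stanza)
    return [d for d in required if d not in have]


def rotate_copytruncate(path: str) -> str:
    """What copytruncate does: copy the file, then truncate the original in
    place. The writer's open descriptor stays valid and keeps appending to
    `path`, now starting again at offset 0 because it was opened O_APPEND."""
    rotated = path + ".1"
    shutil.copy2(path, rotated)
    # Race window: entries written between the copy and this truncate are lost.
    os.truncate(path, 0)
    return rotated


def rotate_by_rename(path: str) -> str:
    """Default rotation: rename the file. The writer still holds the old
    inode, so everything it writes afterwards lands in the rotated file and
    nothing ever appears at `path` again unless the writer reopens it."""
    rotated = path + ".1"
    os.rename(path, rotated)
    return rotated


def simulate(rotate) -> dict:
    """Write two entries, rotate with `rotate`, write two more, then report
    the contents of the rotated file and of the live log path."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "audit.log")
        # Writer opened once in append mode and never reopened, like a
        # process that cannot be told to close and reopen its log file.
        with open(path, "a", buffering=1) as writer:
            writer.write("entry-1\nentry-2\n")  # constructed sample entries
            rotated = rotate(path)
            writer.write("entry-3\nentry-4\n")
            writer.flush()
        with open(rotated) as f:
            rotated_lines = f.read().splitlines()
        live_lines = None
        if os.path.exists(path):
            with open(path) as f:
                live_lines = f.read().splitlines()
        return {"rotated": rotated_lines, "live": live_lines}


if __name__ == "__main__":
    print("missing directives:", missing_directives(VAULT_AUDIT_LOGROTATE))
    print("copytruncate:", simulate(rotate_copytruncate))
    print("rename      :", simulate(rotate_by_rename))
```

With copytruncate the rotated file holds the first two entries and the live log holds only the entries written afterwards, which is the outcome the article is after. With rename, the live path no longer exists and all four entries end up in the rotated file, because the child-process Vault never received a SIGHUP telling it to reopen. The race window noted in the copytruncate man page text is the gap between the copy and the truncate in rotate_copytruncate; nothing in this simulation writes during it, but a busy audit device could.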