Whether and how to rotate logs is at the discretion of your System Administrator; the suggestions below are guidance only. This article explains how to rotate Vault's audit logs when the systemd ExecStart runs a shell that starts Vault as a child process, using logrotate's copytruncate parameter.
What is logrotate?
Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
Normally, logrotate is run as a daily cron job. It will not modify a log more than once in one day unless the criterion for that log is based on the log's size and logrotate is being run more than once each day, or unless the -f or --force option is used.
Log rotation of Vault's Audit log:
- Send a SIGHUP to the Vault process and the file audit device will close and re-open the underlying file, which can assist with log rotation needs. Note this is not possible when Vault is started as a child process.
- If you are running a shell in your systemd startup, and using logrotate, there is a copytruncate parameter that can be used to rotate Vault's audit log files.
What is copytruncate?
Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its log file and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place. The copytruncate option allows storing rotated log files on different devices using the olddir directive. The copytruncate option implies norenamecopy.
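The two rotation strategies above behave differently for a process that holds its log file open and is never told to reopen it. The following Python script is an added example, not code from this article, from Vault or from logrotate: it models a daemon that opens its audit log once (the "writer"), then applies a rename-style rotation and a copytruncate-style rotation to it, and shows where the lines written after each rotation end up. It also covers the caveat a practitioner should know: copytruncate only works cleanly when the writer opens the file in append mode (the assumption made here for Vault's file audit device); a writer that does not use O_APPEND keeps its old file offset after the truncate, so the live log gets a hole of NUL bytes. The file names and the JSON-looking audit lines are constructed for the demo.

```python
import os
import shutil
import tempfile

# Constructed sample audit lines for the demo (not real Vault audit output).
FIRST_BATCH = [b'{"type":"request","id":"1"}\n', b'{"type":"request","id":"2"}\n']
SECOND_BATCH = [b'{"type":"response","id":"2"}\n']


def open_writer(path, append=True):
    """Open the log the way a long-running daemon does: once, never reopened.
    append=True models an O_APPEND writer (assumed for Vault's audit device);
    append=False models a program that writes at its own offset instead."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append else 0)
    return os.open(path, flags, 0o600)


def write_lines(fd, lines):
    for line in lines:
        os.write(fd, line)


def rotate_by_rename(path, rotated):
    """logrotate's default: rename the file. The writer's open descriptor
    follows the inode, so it keeps writing into the renamed file until it is
    told to reopen (this is what SIGHUP makes Vault's file audit device do)."""
    os.rename(path, rotated)


def rotate_by_copytruncate(path, rotated):
    """What logrotate's copytruncate option does: copy the contents, then
    truncate the original in place. The writer never notices. Anything written
    between the copy and the truncate is lost; this demo does not race, so the
    window is shown by the two separate steps rather than reproduced."""
    shutil.copyfile(path, rotated)
    os.truncate(path, 0)


def read(path):
    with open(path, "rb") as f:
        return f.read()


def demo_rename():
    """Rename rotation without a reopen: the live path disappears and the
    post-rotation lines land in the rotated file."""
    d = tempfile.mkdtemp()
    live = os.path.join(d, "vault_audit.log")
    rotated = os.path.join(d, "vault_audit-rotated.log")
    fd = open_writer(live)
    write_lines(fd, FIRST_BATCH)
    rotate_by_rename(live, rotated)
    write_lines(fd, SECOND_BATCH)  # still the same inode, now at the rotated name
    os.close(fd)
    result = {"live_exists": os.path.exists(live), "rotated": read(rotated)}
    shutil.rmtree(d)
    return result


def demo_copytruncate(append=True):
    """copytruncate rotation: the rotated copy holds the old lines, the live
    file is emptied in place and new lines keep arriving at the same path.
    With append=False the writer's stale offset leaves leading NUL bytes."""
    d = tempfile.mkdtemp()
    live = os.path.join(d, "vault_audit.log")
    rotated = os.path.join(d, "vault_audit-rotated.log")
    fd = open_writer(live, append=append)
    write_lines(fd, FIRST_BATCH)
    rotate_by_copytruncate(live, rotated)
    write_lines(fd, SECOND_BATCH)  # writer was never told anything happened
    os.close(fd)
    result = {"rotated": read(rotated), "live": read(live)}
    shutil.rmtree(d)
    return result


if __name__ == "__main__":
    print("rename:", demo_rename())
    print("copytruncate, O_APPEND writer:", demo_copytruncate(append=True))
    print("copytruncate, non-append writer:", demo_copytruncate(append=False))
```

Run it with `python3 rotate_demo.py`. The rename case shows why a process that cannot be signalled (Vault as a child of a shell) needs copytruncate: without a reopen, the original path is simply gone and every later line goes into the rotated file. The non-append case shows why copytruncate is only safe for writers that append; a run of NUL bytes at the start of the live audit log after rotation is the symptom to look for if the writer does not.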
Example of logrotate config using copytruncate:
/var/log/vault_audit.log {
    rotate 10
    daily
    # Do not rotate if the log file is empty.
    notifempty
    missingok
    compress
    # Compress on the next rotation cycle to prevent entry loss while compressing.
    delaycompress
    copytruncate
    extension log
    dateext
    dateformat %Y-%m-%d.
}