Introduction
This article explains how to configure rsyslog to capture Vault service logs and store them in a custom log file location. It also covers the required modifications to the Vault systemd service file and the necessary service restarts.
Prerequisites
- A Linux system using systemd and rsyslog
- Access to the Vault server host
- Root or sudo privileges
- Vault installed as a systemd-managed service (e.g.,
/etc/systemd/system/vault.service)
Configure rsyslog for Vault
To customize where Vault logs are stored, create a configuration file under /etc/rsyslog.d/.
Example file: /etc/rsyslog.d/30-vault.conf
# Send all logs from Vault to /var/vault-log/vault.log
if $programname == 'vault' then /var/vault-log/vault.log
& stopNotes:
- Ensure that the directory
/var/vault-log/exists. - Verify permissions so that the rsyslog service can write logs.
Modify Vault Service Unit File
Update the Vault systemd service file (usually /etc/systemd/system/vault.service) to route logs to syslog.
Add the following under the [Service] section
[Service]
StandardOutput=syslog
StandardError=syslogRestart Services
Apply the updated rsyslog and Vault configurations.
systemctl daemon-reload
systemctl restart rsyslog
systemctl restart vaultVerification
- Check if logs are now appearing in the custom file:
tail -f /var/vault-log/vault.logIf log entries appear, the configuration is successful.