Audit log file rotation and shipping to Centralize logging

[iusergii]

As I understood from the [audit docs page] (https://www.vaultproject.io/docs/audit/index.html) - the most reliable audit type is file. And there is respective option in values.yaml to enable it. Which creates PVC and attaches to Statefulset.

I wondering what would be the best option to rotate this log file and how to ship it to centralize logging?

Community chart has an option to add side-car containers. We can build images with logrotate/filebeat/fluentd/etc which can do the stuff.

Is that a way you guys see it?

[jasonodonnell]

Hi @iusergii , yes, Vault does not rotate audit files and log rotators/shippers will need to be used. There's a PR under review that will allow injection of extra sidecar containers for this purpose.

[iusergii]

Hi @jasonodonnell, thank you. I will add link to PR.

[jasonodonnell]

Merged #87. Leaving this open to add note to doc about this.