/var/awslogs/etc/awslogs.conf is not configured properly
Closed this issue · 0 comments
earchibald-lv commented
[Note: my initial report was regarding /etc/awslogs.conf -- this file exists on Vault1, but I looked at /etc/init.d/awslogs and found that /var/awslogs/etc/awslogs.conf is the conf being used.]
The documentation says that CloudWatch Logs will stream to Vault-Audit-Logs but /var/awslogs/etc/awslogs.conf is not set up properly.
On Vault1 it has an empty log_group_name:
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/syslog]
file = /var/log/vault_audit.logstatus
log_group_name =
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S
On Vault2 it has the VAULT_LOG_GROUP token still in place:
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/syslog]
file = /var/log/vault_audit.logstatus
log_group_name = __VAULT_LOG_GROUP__
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S
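
A check for the two failure states shown in this report (an empty log_group_name and a leftover __VAULT_LOG_GROUP__ token), added here as an example and not part of the original issue or the project's code. The function name `check_awslogs_conf`, the placeholder pattern and the required-key list are assumptions; the sample configs are constructed from the listings above.

```python
import configparser
import re

# Unrendered template tokens such as __VAULT_LOG_GROUP__. The pattern is an
# assumption generalised from the single token shown in the issue.
PLACEHOLDER = re.compile(r"__[A-Z0-9_]+__")
REQUIRED = ("file", "log_group_name", "log_stream_name")  # assumed key list

def check_awslogs_conf(text):
    """Return (section, key, problem) tuples for every log stream section."""
    # interpolation=None: datetime_format values contain raw '%' characters,
    # which the default interpolation would reject.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section == "general":  # agent-wide settings, not a log stream
            continue
        for key in REQUIRED:
            value = cp.get(section, key, fallback=None)
            if value is None:
                findings.append((section, key, "missing"))
            elif not value.strip():
                findings.append((section, key, "empty"))
            elif PLACEHOLDER.search(value):
                findings.append((section, key, "unrendered placeholder"))
    return findings

# Constructed sample input mirroring the listings in the issue.
BASE = """[general]
state_file = /var/awslogs/state/agent-state
[/var/log/syslog]
file = /var/log/vault_audit.logstatus
log_group_name = @GROUP@
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S
"""
VAULT1 = BASE.replace("@GROUP@", "")                     # empty value
VAULT2 = BASE.replace("@GROUP@", "__VAULT_LOG_GROUP__")  # token left in place
GOOD = BASE.replace("@GROUP@", "Vault-Audit-Logs")       # group named in the docs

if __name__ == "__main__":
    for name, conf in (("Vault1", VAULT1), ("Vault2", VAULT2), ("good", GOOD)):
        print(name, check_awslogs_conf(conf) or "ok")
```

Running a check like this against /var/awslogs/etc/awslogs.conf at provisioning time, and failing the build on any finding, surfaces a host whose audit log stream has no valid destination.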