aws-quickstart/quickstart-hashicorp-vault

/var/awslogs/etc/awslogs.conf is not configured properly

Closed this issue · 0 comments

earchibald-lv commented

[Note: my initial report was regarding /etc/awslogs.conf -- this file exists on Vault1, but I looked at /etc/init.d/awslogs and found that /var/awslogs/etc/awslogs.conf is the conf being used.]

The documentation says that CloudWatch Logs will stream to Vault-Audit-Logs but /var/awslogs/etc/awslogs.conf is not set up properly.

On Vault1 it has an empty log_group_name:

[general]
state_file = /var/awslogs/state/agent-state

[/var/log/syslog]
file = /var/log/vault_audit.logstatus
log_group_name =
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S

On Vault2 it has the VAULT_LOG_GROUP token still in place:

[general]
state_file = /var/awslogs/state/agent-state

[/var/log/syslog]
file = /var/log/vault_audit.logstatus
log_group_name = __VAULT_LOG_GROUP__
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S