Typo in logrotate config?
raj-saxena opened this issue · 2 comments
raj-saxena commented
I noticed in our installation that the audit and server logs stopped being written after the files were rotated. After going through the article about vault auditing and other threads like this, I believe that we need to indeed send SIGHUP to the vault process.
Looking at the startup script, I see that the authors of this module configure logrotate for vault.
However, I see 2 issues with the postrotate section:
...
postrotate
test -s run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
true
...
- The test would always fail as the correct filepath should be /run/rsyslogd.pid (missing leading forward-slash).
- I am not sure why we are sending the SIGHUP to the rsyslog process. Based on what the Vault page says, it should be the pid of Vault.
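An added example, not part of the original issue or of the module's code: a postrotate helper that reports a bad pid file instead of silently skipping the signal, which is the failure mode the relative path above produces. The function name `signal_from_pidfile` is hypothetical, and the pid file to use is passed as an argument because the page does not give one for Vault.

```shell
#!/bin/sh
# signal_from_pidfile PIDFILE [SIGNAL]  (hypothetical helper name)
# Sends SIGNAL (default HUP) to the pid recorded in PIDFILE and returns a
# distinct non-zero status for each way the lookup can fail, so a broken
# path is reported instead of being hidden by a trailing `true`.
#   2 = path not absolute   3 = file missing or empty
#   4 = content not a pid   5 = process cannot be signalled
signal_from_pidfile() {
    pidfile=$1
    sig=${2:-HUP}
    case $pidfile in
        /*) ;;
        *)  echo "pid file path is not absolute: $pidfile" >&2; return 2 ;;
    esac
    if [ ! -s "$pidfile" ]; then
        echo "pid file missing or empty: $pidfile" >&2; return 3
    fi
    # Take the first line only and strip whitespace before validating it.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "not a pid in $pidfile: $pid" >&2; return 4 ;;
    esac
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "process $pid from $pidfile cannot be signalled" >&2; return 5
    fi
    kill -s "$sig" "$pid"
}

# The relative path quoted in the issue is rejected loudly (status 2).
signal_from_pidfile run/rsyslogd.pid || echo "rejected with status $?"
```

Because logrotate runs postrotate scripts without a fixed working directory guarantee, the absolute-path check is what turns the silent skip into a visible error in the logrotate output.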
raj-saxena commented
As a quick fix to my problem, I verified that the following restores logs being written to /var/log/{audit, server}.log
$ vault audit-disable file
$ vault audit-enable file path=...
raj-saxena commented
Added a PR with a possible fix based on my observations on the vault instance.
I request you to please explain if I am wrong in my understanding. Thanks