https://dchua.com/tags/audit-backend/ Recent content in audit backend on davidchua Hugo -- gohugo.io en-us Mon, 06 Mar 2017 00:00:00 +0000 https://dchua.com/posts/2017-03-06-forwarding-vault-audit-logs-to-a-remote-syslog-server/ Mon, 06 Mar 2017 00:00:00 +0000 https://dchua.com/posts/2017-03-06-forwarding-vault-audit-logs-to-a-remote-syslog-server/ Using Vault’s Audit Backend to send logs to a remote Syslog server. Objective Send audit_logs from Hashicorp’s Vault to an Graylog instance Prerequisite Setup a Syslog TCP/UDP Input on Graylog (if you’re using graylog) Has a remote syslog server running Steps Important Notice: Vault has a Syslog Audit Backend as part of its suite but it currently does not allow remote forwarding. In order to do that we will have to make use of rsyslog’s rules forwarding.