[Question] - How to enable audit devices to stdout and save in Stackdriver Logs? #9

Closed
samuelbaruffi opened this issue Oct 11, 2018 · 7 comments

@samuelbaruffi

Hello,
First of all, thanks for the awesome tutorial. It is very handy.

We have implemented this in our production cluster and were having issues getting the audit device logs to Stackdriver logs.

I have enabled the audit device to stdout by doing the following:

vault audit enable file file_path=stdout

I can confirm that it is outputting to stdout on the vault container if I check the logs with:

kubectl logs vault-0 -f vault

But unfortunately those logs are not being saved in Stackdriver for some reason, and I was not able to find more info on how to enable or troubleshoot it. See the picture below for my Stackdriver log on the vault container:

[Image: screen shot 2018-10-11 at 2 17 54 pm]

Thanks in advance for the help.

Sam.
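
An added example, not part of the original thread or the project's code: one way to confirm that the container's stdout really carries audit entries is to run saved `kubectl logs` output through a small classifier. The sample lines and function names are constructed for illustration; it also flags entries whose client token is not HMAC'd before they reach a log sink.

```python
import json
from collections import Counter

# Constructed sample of mixed container stdout: Vault server log lines
# interleaved with audit-device JSON entries (all values are made up).
SAMPLE = """\
2018-10-11T21:17:50.000Z [INFO]  core: vault is unsealed
{"time":"2018-10-11T21:18:02Z","type":"request","auth":{"client_token":"hmac-sha256:aaaa"},"request":{"operation":"read","path":"secret/app"}}
{"time":"2018-10-11T21:18:02Z","type":"response","auth":{"client_token":"hmac-sha256:aaaa"},"request":{"operation":"read","path":"secret/app"}}
2018-10-11T21:18:05.000Z [INFO]  http: TLS handshake error
{"time":"2018-10-11T21:18:09Z","type":"request","auth":{"client_token":"s.EXAMPLEPLAINTEXT"},"request":{"operation":"update","path":"secret/app"}}
{"level":"info","msg":"not an audit entry"}
"""

def parse_audit_entry(line):
    """Return the decoded entry if the line is a Vault audit record, else None."""
    line = line.strip()
    if not line.startswith("{"):
        return None  # plain server log line
    try:
        entry = json.loads(line)
    except ValueError:
        return None  # truncated or non-JSON line
    if not isinstance(entry, dict):
        return None
    # Audit records carry type request/response and a nested request object.
    if entry.get("type") in ("request", "response") and isinstance(entry.get("request"), dict):
        return entry
    return None

def summarize(text):
    """Count audit entries by type and list line numbers with un-HMAC'd tokens."""
    counts, unhashed, other = Counter(), [], 0
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_audit_entry(line)
        if entry is None:
            other += 1
            continue
        counts[entry["type"]] += 1
        token = (entry.get("auth") or {}).get("client_token", "")
        if token and not token.startswith("hmac-sha256:"):
            unhashed.append(n)
    return {"audit": dict(counts), "other": other, "unhashed_token_lines": unhashed}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
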

@sethvargo
Contributor

Hi @samuelbaruffi

Can you share more of that screenshot? The logs should be there, including the Vault startup logs. Can you make sure you're looking at the correct container? What does kubectl get logs show for that container?

@samuelbaruffi
Author

Thanks for the quick reply @sethvargo.

See the full screenshot below (hiding a few fields for security reasons):

[Image: screen shot 2018-10-11 at 2 29 24 pm]

The logs for the vault-init containers are being saved to Stackdriver, but for the vault container it does not seem they are. See the screenshot below for the vault-init container in the pod that is working on Stackdriver:

[Image: screen shot 2018-10-11 at 2 35 16 pm]

If I run kubectl logs vault-0 -f vault I'm able to see all the audit logs.

Thanks for the help!

@sethvargo
Contributor

Hmm - that's really weird, since they are deployed the same. Are you able to reproduce it on a new cluster?

@samuelbaruffi
Author

I'd have to try creating a new cluster and building Vault again.

I'll post the results once I am able to replicate the environment in a new cluster.

Let me know if you find anything meanwhile.

Thank you.

@sethvargo
Contributor

I'm not able to reproduce it on my end. If you're familiar with Terraform, github.com/sethvargo/vault-on-gke is a one-command version of this same thing.

@samuelbaruffi
Author

Thank you @sethvargo,

I'll try to use the Terraform script for my testing.

For now I'll go ahead and close this ticket.

Sam.

@MaxDiOrio

MaxDiOrio commented Nov 5, 2018

I'm seeing issues with logging with the Terraform script. Absolutely 0 Kubernetes logs in Stackdriver. But viewing kubectl logs for the Vault container shows the audit logs properly.

For a cluster created "manually" through the GCloud UI, you can see the K8S logs:

[Image]

For the Vault cluster created through the Terraform, nothing.

[Image]
