-
Notifications
You must be signed in to change notification settings - Fork 4.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Known issues: Vault Enterprise - Performance Standby nodes audit log …
…all request headers (#26158) (#26783) * Add known issue docs for Ent Perf Standby audit header logging issue * attempt to improve description Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
- Loading branch information
1 parent
4336721
commit f1d7bcd
Showing
3 changed files
with
33 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletions
27
...ials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
### Vault Enterprise Performance Standby nodes audit all request headers | ||
|
||
#### Affected versions | ||
|
||
- 1.15.0 - 1.15.7 | ||
|
||
#### Issue | ||
|
||
Due to an issue in the new event framework, Performance Standby nodes in a Vault | ||
Enterprise cluster do not correctly receive configuration regarding which request | ||
headers should be written to the audit log. | ||
|
||
Rather than no headers appearing in the audit logs by default, Vault Enterprise | ||
logs **all** headers on Performance Standby nodes. | ||
|
||
The header issue was resolved in `1.15.8`. | ||
|
||
#### Workaround | ||
|
||
Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to | ||
disable the new underlying event framework and restart Vault: | ||
|
||
```shell-session | ||
$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true | ||
``` | ||
|
||
On startup, Vault reverts to the audit behavior used in `1.14.x`. |