一、新增audit日誌功能： 1.建立策略： vault policy write audit ./audit.hcl [root@k8s ~]# cat audit.hcl # 'sudo' capability is required to manage audit devices path "sys/audit/*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] } # To list enabled audit devices, 'sudo' capability is required path "sys/audit" { capabilities = ["read", "sudo"] } 2.建立此策略的token： vault token create -policy=audit 3.登入此token： vault login ****** 4.啟用audit功能： vault audit enable file file_path=/data/vault-audit.log 效果： 二、更改日誌級別： 1.使用cli命令 vault server -config=/etc/vault/config-file.hcl -log-level=debug 2.AULT_LOG_LEVEL環境變數 export VAULT_LOG_LEVEL=debug 3.伺服器配置文件裡新增 log_level = "Debug" 三、新增syslog日誌 vault audit enable syslog tag="vault" facility="AUTH" tailf /var/log/message就有操作日誌了 參考官網：Troubleshooting Vault | Vault - HashiCorp Learn；Syslog - Audit Devices | Vault by HashiCorp (vaultproject.io)