About the Device
HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates.
Vault provides encryption services that are gated by authentication and authorization methods.
Vault works primarily with tokens, and each token is associated with the client's policy.
Device Information
Entity | Particulars |
---|---|
Vendor Name | HashiCorp |
Product Name | Vault |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol | Log collection method |
---|---|---|---|
HashiCorp Vault | HASHICORP | SYSLOG+JSON | CyberHub |
Port Requirements
Source | Destination | Port |
---|---|---|
Vault | CyberHub | 10014 (Secure TCP) |
Device Configuration
Log in to the HashiCorp Vault CLI
$ vault login
Enable audit logging and assign permission
$ vault audit enable file file_path=/var/log/vault_audit.log mode=644
Configure log rotation with logrotate under the path /etc/logrotate.d
Create a file named vault_audit.log with this content. The log path in this file must match the file_path given when enabling the audit device.
/var/log/vault/vault_audit.log {
    rotate 10
    daily
    #Do not execute rotate if the log file is empty.
    notifempty
    missingok
    compress
    #Set compress on next rotate cycle to prevent entry loss when performing compression.
    delaycompress
    copytruncate
    extension log
    dateext
    dateformat %Y-%m-%d.
}
To configure the NxLog agent for TLS TCP log flow on port 10014:
Download and install the NxLog agent from Download
For TLS, a certificate file is needed for communication. On CyberHub, navigate to support user mode and choose option 11, View Certificate, to export the certificate for FTPS and TCP.
Copy and paste the certificate into a new file and save this file on the squid server at the desired location.
For the Linux agent, after installation go to the installed location "/etc/nxlog.conf". Rename the attached NXLog.conf(TLS) to nxlog.conf and copy it into this folder.
Replace "lcpIp" with the CyberHub IP address in nxlog.conf.
Change the vault_audit.log file location on line 24.
Add the CA file location at position 37.
Now start the nxlog service using the command below
$ systemctl start nxlog
NxLog agent logs will be available at location "/var/log/nxlog.log"
Log flow should now work; you can check it with tcpdump using the command
$ tcpdump -AA port 10014
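Before relying on the forwarded stream, it helps to confirm that the audit device is writing well-formed JSON entries, since a rotation with copytruncate can leave an entry cut short. The following is an added example, not part of the original guide or of CyberHub or Vault tooling; the function name check_audit_lines and the sample entries are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample entries in the shape of Vault's JSON audit log
# (one object per line); all values are made up for illustration.
SAMPLE = [
    '{"time":"2024-05-01T10:00:00Z","type":"request","request":{"id":"r1",'
    '"operation":"read","path":"secret/data/app","remote_address":"10.0.0.5"}}',
    '{"time":"2024-05-01T10:00:00Z","type":"response","request":{"id":"r1",'
    '"operation":"read","path":"secret/data/app","remote_address":"10.0.0.5"},'
    '"error":"1 error occurred:\\n\\t* permission denied\\n\\n"}',
    # Entry cut short, as can happen around a copytruncate rotation.
    '{"time":"2024-05-01T10:01:00Z","type":"request","request":{"id":"r2"',
    '',
]

REQUIRED = ("time", "type", "request")  # top-level keys checked in every entry

def check_audit_lines(lines):
    """Validate audit entries and summarise what a downstream parser would see."""
    report = {"ok": 0, "malformed": [], "types": Counter(), "denied": []}
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue  # blank lines are harmless
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            report["malformed"].append(lineno)
            continue
        if not isinstance(entry, dict) or any(k not in entry for k in REQUIRED):
            report["malformed"].append(lineno)
            continue
        report["ok"] += 1
        report["types"][entry["type"]] += 1
        # Denied requests are worth confirming on the collector side as well.
        if "permission denied" in entry.get("error", ""):
            req = entry["request"]
            report["denied"].append((req.get("remote_address"), req.get("path")))
    return report

if __name__ == "__main__":
    import sys
    # Pass the audit log path as the first argument, or run on the sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(check_audit_lines(lines))
```

Run it against the audit log file on the Vault host; any line numbers reported as malformed are entries the collector will not be able to parse as JSON.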
Integration Parameters
Parameters required from the customer for integration.
Property | Default Value | Description |
---|---|---|
IP Address | Vault interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |