HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates.
Vault provides encryption services that are gated by authentication and authorization methods.
Vault works primarily with tokens and a token is associated to the client's policy.
Entity | Particulars |
|---|---|
Vendor Name | HashiCorp |
Product Name | Vault |
Type of Device | Hosted |
Log Type | Ingestion label | Preferred Logging Protocol | Log collection method |
|---|---|---|---|
Hashicorp Vault | HASHICORP | SYSLOG+JSON | CyberHub |
Source | Destination | Port |
|---|---|---|
Vault | CyberHub | 10014 (Secure TCP) |
Log in to the HashiCorp Vault CLI
$ vault login |
Enable audit logging and assign permission
$ vault audit enable file file_path=/var/log/vault_audit.log mode=644 |
Configure log rotation via log rotate under path /etc/logrotate.d
Create a file named vault_audit.log with this content:
/var/log/vault/vault_audit.log {
rotate 10
daily
#Do not execute rotate if the log file is empty.
notifempty
missingok
compress
#Set compress on next rotate cycle to prevent entry loss when performing compression.
delaycompress
copytruncate
extension log
dateext
dateformat %Y-%m-%d.
} |
To configure NxLog Agent for TLS TCP Log flow on port 10014:
Download and Install NxLog agent from Download
For TLS, need to create certificate file for communication. On CyberHub , navigate to support user mode and choose option 11 to View Certificate to export for FTPS and TCP.
Copy and paste the certificate to new file and save this file into squid server at desired location.
For Linux Agent, after installation go to installed location “/etc/nxlog.conf”. Rename attached NXLog.conf(TLS) to nxlog.conf and copy into this folder.
Replace “lcpIp” with “CyberHub IP Address” in nxlog.conf
Change vault_audit.log file location on line 24
Add CA File location at position 37
Now start the nxlog service using below command
$ systemctl start nxlog |
NxLog agent logs will be available at location "/var/log/nxlog.log"
Log flow should work and you can check on tcpdump using command tcpdump --AA port 10014
Parameters required from customer for Integration.
Property | Default Value | Description |
|---|---|---|
IP Address | Vault interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |