error enabling audit backend


Elizabeth

Nov 29, 2016, 11:49:40 AM
to Vault
This has worked several times before but I was setting up a new instance of Vault and I'm unable to enable the audit backend. I tried using both the CLI and the REST API as follows:
CLI:
./vault audit-enable file path=/var/log/vault_audit.log

REST API:
curl -X POST -H "X-Vault-Token":"1234...." -H "Content-Type:application/json" -d '{"type":"file", "options":{"path": "~/vaultAudit.logs"}}' http://localhost:8200/v1/sys/audit/file

The error I get in both cases: sanity check failed; unable to open /var/log/vault_audit.log for writing: open /var/log/vault_audit.log: permission denied.

All directories have write permissions enabled. I tried running this as the logged-in user as well as root - but with the same result.

Thanks!

Michael Fischer

Nov 29, 2016, 12:42:29 PM
to vault...@googlegroups.com
The audit log directory/file needs to be writable by the user that Vault runs as (we run it as a "vault" pseudo-user, never as root).  Depending on your OS, you may need to also check whether SELinux is restricting write access to the directory, too.

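The check described in the reply above, as an added example that is not part of the original thread: the server process opens the audit file, so what matters is the mode bits along the whole path as seen by the account Vault runs as, not by the user running the CLI. It assumes GNU stat and a service account named "vault" as in the reply; the script name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Explains, from owner/group/other mode
# bits alone, why a service account cannot open an audit log for writing.
# Needs GNU stat. Not modelled: root's bypass of mode bits, supplementary
# groups, ACLs and SELinux (check those separately, e.g. with ls -Z).

# effective_bits PATH UID GID: print the rwx digit (0-7) that applies.
effective_bits() {
    owner=$(stat -L -c '%u' "$1")
    group=$(stat -L -c '%g' "$1")
    mode=$((0$(stat -L -c '%a' "$1")))          # octal string -> integer
    if [ "$2" -eq "$owner" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$3" -eq "$group" ]; then echo $(( (mode >> 3) & 7 ))
    else echo $(( mode & 7 )); fi
}

# search_ok DIR UID GID: every directory from / down to DIR must exist and
# grant search (x) permission, otherwise the open fails before the file is
# even looked at.
search_ok() {
    if [ "$1" != / ]; then
        search_ok "$(dirname "$1")" "$2" "$3" || return 1
    fi
    [ -d "$1" ] || { echo "missing directory $1"; return 1; }
    if [ $(( $(effective_bits "$1" "$2" "$3") & 1 )) -eq 0 ]; then
        echo "no search (x) permission on $1"; return 1
    fi
}

# audit_path_blocker LOGFILE UID GID: print the first component that blocks
# the open and return 1; print nothing and return 0 if the mode bits allow it.
audit_path_blocker() {
    case $1 in /*) ;; *) echo "path must be absolute: $1"; return 2 ;; esac
    search_ok "$(dirname "$1")" "$2" "$3" || return 1
    # An existing file needs w on the file; a new file needs w on its directory.
    if [ -e "$1" ]; then target=$1; else target=$(dirname "$1"); fi
    if [ $(( $(effective_bits "$target" "$2" "$3") & 2 )) -eq 0 ]; then
        echo "no write (w) permission on $target"; return 1
    fi
}

# Usage (script name is hypothetical):
#   sh audit_perm.sh /var/log/vault_audit.log "$(id -u vault)" "$(id -g vault)"
if [ $# -eq 3 ]; then audit_path_blocker "$@"; fi
```

Run it as a user that can traverse the whole path (for example root); a clean result still leaves SELinux and ACLs to rule out.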
