项目作者: dscoduc

项目描述 :
Socket Listener for accepting Vault Audit logging via Sockets
高级语言: C#
项目地址: git://github.com/dscoduc/VaultLogger.git
创建时间: 2020-12-02T00:39:29Z
项目社区:https://github.com/dscoduc/VaultLogger

开源协议:

下载


VaultLogger

Summary

Socket Listener for accepting Vault Audit logging via Sockets. This solution provides the option to use a local socket listener that can receive the Vault audit events and then leverage NLog to manage/rotate/prune the Vault audit log files.

Vault does not include any native way to manage/rotate/prune log files and relies on the operating system or other logging services to handle these services. This is fine for Linux based systems but Windows doesn’t include the necessary services. For example, using a log file for auditing on a Windows system presents a challenge as there isn’t a SigHup comparable option for forcing Vault to disconnect/reconnect to the log file.

Running as a Service

When running Vault on a Windows platform, it is recommended to use Nssm for configuring Vault to run as a service. Using Nssm, it is also possible to run VaultLogger as a service and make it a dependent service for Vault. Once installed as a service, VaultLogger can be running in parallel to the Vault service and accept/process audit log input via the Vault Socket logging option.

Optional Startup Arguments

Executing the application without any startup arguments uses the default values displayed below.

  • -Address={string}

    1. IPv4 Address to listen for incoming connections (default = 127.0.0.1)
    2. NOTE: Must be a specific address; 0.0.0.0 is not supported.
  • -Port={int}

    1. Port to listen for incoming connections [1024-65535] (default = 11000)
  • -ConnectionQueue={int}

    1. Number of incoming connections that can be queued for acceptance (default = 100)
  • -SocketBufferSize={int}

    1. Buffer size in kilobytes used in handle data stream (default = 8192)

Example:

  1. C:\VaultLogger.exe
  2. Starting up...
  3. Listening using the following settings:
  4. -Address=127.0.0.1
  5. -Port=11000
  6. -ConnectionQueue=100
  7. -SocketBufferSize=8192
  8. [5ea327c1-9e92-4416-a3e0-b6e1a7951dfb] New socket connection established
  9. [5ea327c1-9e92-4416-a3e0-b6e1a7951dfb] Socket connection closed
  10. [5ea327c1-9e92-4416-a3e0-b6e1a7951dfb] Sending 100 bytes to logger [AuditLog]

Example:

  1. C:\VaultLogger.exe -Address=192.168.1.10 -Port=9090 -ConnectionQueue=10 -SocketBufferSize=4096
  2. Starting up...
  3. Listening using the following settings:
  4. -Address=192.168.1.10
  5. -Port=9090
  6. -ConnectionQueue=10
  7. -SocketBufferSize=4096
  8. [addb9773-fe15-40e0-bd43-99cb16e520eb] New socket connection established
  9. [addb9773-fe15-40e0-bd43-99cb16e520eb] Socket connection closed
  10. [addb9773-fe15-40e0-bd43-99cb16e520eb] Sending 100 bytes to logger [AuditLog]

Additional Information