I'm researching the various audit devices for Hashicorp Vault. My goal is to run Vault in a Docker environment (currently Docker Swarm). The File method is fairly straightforward, but I'm also interested in syslog. Has anyone successfully used the syslog method to pipe logs to an external syslog server?
The only way I've come across is to have more than one process in the container and to use something like rsyslog. For example, using the s6 overlay project. I've found several guides on using rsyslog, but nothing other than this project when running Vault in a container.
Anyone have suggestions or best practices for storing Vault audit logs when running Vault in a container? Thanks
PS. I mentioned Docker Swarm as the current environment, but eventually the plan is to move all of this to Kubernetes. I've done a bit of research there, but still not sure what the best method would be. Kubernetes solutions are most welcome as well.
