HashiCorp Vault
Logystera monitors HashiCorp Vault (including Vault Enterprise) by forwarding audit logs to the Logystera gateway using the Logystera Agent — a Fluentd-based forwarder packaged as a self-contained binary.
Install (systemd)
Install directly on the Vault host as a systemd service. Standard path for bare metal and VMs.
Install →
Install (Docker)
Run as a container alongside Vault. Recommended for containerised environments.
Docker →
Troubleshooting
Diagnose delivery failures, authentication errors, and connectivity issues.
Troubleshoot →
How it works
The agent tails Vault audit log files, batches events, and ships them to the Logystera gateway over HTTPS using HMAC-signed requests.
Vault audit log (file)
│
▼
Fluentd tail input
(reads new lines as they are appended)
│
▼
logystera_batch filter
(accumulates events, flushes on size or interval)
│
▼
logystera_gateway output
(HMAC-signed HTTP POST)
│
▼
Logystera Gateway → Processor → Alerts
The agent has no inbound network surface. It only makes outbound HTTPS connections to the gateway. Position files track read progress, so the agent resumes correctly after restarts without re-sending events.
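To verify the resume behaviour described above, here is an added example (not Logystera's code) that reads a Fluentd in_tail position file and compares it with the audit log on disk. It assumes the agent uses the standard in_tail position format (path, hex offset, hex inode, tab-separated); the function names and the file paths in the demo are constructed for illustration.

```python
import os
import tempfile

# Assumption: standard Fluentd in_tail pos file, one entry per line:
#   <path>\t<offset, 16 hex digits>\t<inode, 16 hex digits>
UNWATCHED = 0xFFFFFFFFFFFFFFFF  # offset in_tail writes for files it stopped following


def read_pos_file(pos_path):
    """Return {log_path: (offset, inode)} for entries still being followed."""
    entries = {}
    with open(pos_path, encoding="utf-8") as fh:
        for line in fh:
            parts = line.rstrip("\n").split("\t")
            try:
                path, offset, inode = parts[0], int(parts[1], 16), int(parts[2], 16)
            except (IndexError, ValueError):
                continue  # blank or damaged line
            entries.pop(path, None)  # a later entry for a path wins
            if offset != UNWATCHED:
                entries[path] = (offset, inode)
    return entries


def tail_status(pos_path, log_path):
    """Return (state, unread_bytes) for one Vault audit log file."""
    entry = read_pos_file(pos_path).get(log_path)
    if entry is None:
        return ("untracked", None)  # nothing recorded: file is not being shipped
    offset, inode = entry
    st = os.stat(log_path)
    if st.st_ino != inode:
        return ("rotated", st.st_size)  # entry still points at the previous file
    if offset > st.st_size:
        return ("truncated", st.st_size)  # log shrank below the recorded offset
    return ("ok" if offset == st.st_size else "lagging", st.st_size - offset)


if __name__ == "__main__":
    # Constructed sample: three audit lines, position file says one was read.
    line = '{"type":"request","time":"2024-01-01T00:00:00Z"}\n'
    with tempfile.TemporaryDirectory() as d:
        log, pos = os.path.join(d, "audit.log"), os.path.join(d, "agent.pos")
        with open(log, "w") as fh:
            fh.write(line * 3)
        with open(pos, "w") as fh:
            fh.write("%s\t%016x\t%016x\n" % (log, len(line), os.stat(log).st_ino))
        print(tail_status(pos, log))
```

A "lagging" result whose unread byte count does not shrink between runs means audit events are accumulating on the host without reaching the gateway.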
Requirements
| Requirement | Value |
|---|---|
| OS | Linux (any distribution; Debian/Ubuntu for .deb install) |
| Docker | 20+ (for container deployment) |
| Vault audit logging | Must be enabled and writing to a file (audit enable file) |
| Outbound HTTPS | Required (port 443 to gateway.logystera.com) |
| File read access | Agent user must be able to read the Vault audit log file |