Known issues: Vault Enterprise - Performance Standby nodes audit log …

…all request headers (#26158)

* Add known issue docs for Ent Perf Standby audit header logging issue

* attempt to improve description

website/content/docs/release-notes/1.15.0.mdx

@@ -25,7 +25,10 @@ description: |-
 | 1.15.0+         | [URL change for KV v2 plugin](/vault/docs/upgrading/upgrade-to-1.15.x#kv2-url-change)                                                                                                                                             |
 | 1.15.1          | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.15.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash)                                                |
 | 1.15.0 - 1.15.4 | [Audit devices could log raw data despite configuration](/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration)                                                                          |
-| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts)
+| 1.15.5          | [Unable to rotate LDAP credentials](/vault/docs/upgrading/upgrade-to-1.15.x#unable-to-rotate-ldap-credentials)                                                                                                                    |
+| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts)                                            |
+| 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries)                                                      |
+| 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers)                       |
 
 ## Vault companion updates
 

website/content/docs/upgrading/upgrade-to-1.15.x.mdx

@@ -72,3 +72,5 @@ option.
 @include 'known-issues/perf-secondary-many-mounts-deadlock.mdx'
 
 @include 'known-issues/ocsp-redirect.mdx'
+
+@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx'

website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx

@@ -0,0 +1,27 @@
+### Vault Enterprise Performance Standby nodes audit all request headers
+
+#### Affected versions
+
+- 1.15.0 - 1.15.7
+
+#### Issue
+
+Due to an issue in the new event framework, Performance Standby nodes in a Vault
+Enterprise cluster do not correctly receive configuration regarding which request
+headers should be written to the audit log.
+
+Rather than no headers appearing in the audit logs by default, Vault Enterprise
+logs **all** headers on Performance Standby nodes.
+
+The header issue was resolved in `1.15.8`.
+
+#### Workaround
+
+Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to
+disable the new underlying event framework and restart Vault:
+
+```shell-session
+$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true
+```
+
+On startup, Vault reverts to the audit behavior used in `1.14.x`.