hashicorp · peteski22 · Oct 11, 2023 · Oct 11, 2023 · Oct 11, 2023 · Oct 11, 2023
@@ -17,6 +17,7 @@ Version | Issue
 ------- | -----
 1.15.0+ | [Vault no longer reports rollback metrics by mountpoint](/vault/docs/upgrading/upgrade-to-1.15.x#rollback-metrics)
 1.15.0  | [Panic in AWS auth method during IAM-based login](/vault/docs/upgrading/upgrade-to-1.15.x#panic-in-aws-auth-method-during-iam-based-login)
+1.15    | [Vault file audit devices do not honor SIGHUP signal to reload](/vault/docs/upgrading/upgrade-to-1.15.x#file-audit-devices-do-not-honor-sighup-signal-to-reload)
 
 ## Vault companion updates
 

@@ -52,3 +52,5 @@ option.
 @include 'known-issues/transit-managed-keys-sign-fails.mdx'
 
 @include 'known-issues/aws-auth-panics.mdx'
+
+@include 'known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx'
@@ -0,0 +1,43 @@
+### File audit devices do not honor SIGHUP signal to reload
+
+#### Affected versions
+
+- 1.15.0
+
+#### Issue
+
+The new underlying event framework for Vault causes Vault to continue using 
+audit logs instead of reopening the file paths even when you send 
+[`SIGHUP`](/vault/docs/audit/file#log-file-rotation) after log rotation:
+
+- If you move or rename your audit log file, Vault continues to log data to the
+  moved file. For example, if you archive the log file
+  `audit/log/path/vault-audit.log` by moving it to
+  `audit/log/archive/path/vault-audit.log.bak`, Vault continues to write data to
+  `audit/log/archive/path/vault-audit.log.bak` instead of starting a fresh log
+  at `audit/log/path/vault-audit.log`.
+- If you delete your audit log file, Vault continues to write data to the
+  deleted file, which will continue to consume disk space as it grows. When
+  Vault is sealed or restarted, the OS will perform junk collection on the
+  deleted file and you will lose all data logged the audit file after it was
+  tagged for deletion.
+
+<Warning title="You may lose audit entries">
+  If you delete the audit file on rotation, rather than moving it, you
+  will lose any entries written by Vault after rotation when the OS
+  permanently deletes the file.
+</Warning>
+
+The issue with file audit devices not honoring SIGHUP signals is fixed as a patch release in Vault `1.15.1`.
+
+#### Workaround
+
+If your Vault cluster uses any `file` audit devices, you can use the following
+environment variable set to `true` in order to disable the new underlying event
+framework Vault uses to process audit events.
+
+
+<Note title="Temporary workaround">
+  The `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable
+  is a temporary solution and will be removed in a future release of Vault.
+<Note>
Original file line number	Diff line number	Diff line change
Expand Up		@@ -52,3 +52,5 @@ option.
		@include 'known-issues/transit-managed-keys-sign-fails.mdx'

		@include 'known-issues/aws-auth-panics.mdx'

		@include 'known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx'