HCP Vault Dedicated streams audit logs to SigNoz through its Generic HTTP Sink. For SigNoz Cloud, HCP posts to the Vector log intake. Configure the sink from the HCP portal or with Terraform. SigNoz Cloud does not require an agent or collector.
Audit log streaming requires an Essentials or Standard tier cluster. Development tier clusters cannot stream audit logs. HCP Vault Dedicated streams to one log destination at a time, so enabling SigNoz replaces any existing audit log destination.
Prerequisites
- HCP Vault Dedicated cluster on the Essentials orStandard tier Admin role on your HCP organization- An instance of SigNoz ( CloudorSelf-Hosted)
Configure audit log streaming
Log in to the
HCP portaland open your Vault cluster. - Go to
Audit Logs and clickEnable log streaming. - Select
Generic HTTP Sink as the provider and clickNext. - Enter the provider details:
URI:https://ingest.<region>.signoz.cloud/logs/vector
Method:POST
Encoding codec:JSON
Headers: addsignoz-ingestion-key
with<your-ingestion-key>
as the value
Leave compression, authentication strategy, and payload prefix/suffix at their defaults.
- Click Save.
Add an audit_log_config
block to your hcp_vault_cluster
resource:
resource "hcp_vault_cluster" "example" {
cluster_id = "vault-cluster"
hvn_id = hcp_hvn.example.hvn_id
tier = "standard_small"
audit_log_config {
http_uri = "https://ingest.<region>.signoz.cloud/logs/vector"
http_codec = "JSON"
http_method = "POST"
http_headers = {
"signoz-ingestion-key" = var.signoz_ingestion_key
}
}
}
Apply the change:
terraform apply
Verify these values:
<region>
: your SigNoz Cloudregion<your-ingestion-key>
: your SigNozingestion key
HCP can take a few minutes to start streaming after you save.
Validate
- Open
Logs in SigNoz. - Generate Vault activity: log in, read a secret, or run
vault status
against the cluster. - Audit log entries appear within a few minutes. Each record carries Vault audit fields such as
auth
,request.path
, and resource attributes likecluster_id
,cluster_tier
, andhcp_product
.
Troubleshooting
No logs arrive in SigNoz
- Confirm the cluster is on the
Essentials orStandard tier. Development tier clusters cannot stream audit logs. - Recheck the URI region against your
SigNoz region. A wrong region drops data with no error. - Confirm the path is
/logs/vector
and the codec isJSON
. - Copy the
signoz-ingestion-key
value fresh fromSigNoz settings. - For self-hosted SigNoz, confirm HCP can reach your Vector endpoint, and that Vector can reach
http://<signoz-host>:4318/v1/logs
. - HCP can take a few minutes to begin streaming. Generate Vault activity, since an idle cluster produces few audit events.
Streaming to a different destination stopped
HCP Vault Dedicated streams to one log destination at a time. Enabling SigNoz replaces the previous destination. Re-add the previous endpoint if you need it back, but only one can be active.
Limitations
Essentials or Standard tier required. Development tier clusters cannot stream audit logs.One destination at a time. Enabling SigNoz replaces any existing audit log destination.Audit logs only. This path covers audit logs. Vault metrics use a separate streaming destination.
Next Steps
Build dashboardson Vault audit activitySet up log-based alertsto detect anomalous access patternsParse and transform logswith Logs Pipelines
Get Help
If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack. If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io.