Configure HCP Vault audit logs streaming to Datadog

This tutorial covers configuration of HCP Vault audit logs streaming to your existing Datadog environment.

Prerequisites

To configure audit logs streaming to Splunk Cloud or Enterprise, you will need to have:

• Your Datadog region and API key

• An account with Admin or Contributor role assigned in HCP

• A production grade HCP Vault cluster

  Note

  If you don't have a cluster running, refer to the Create a Vault Cluster on HCP tutorial to create an HCP Vault cluster through HCP Portal. Or, refer to the Deploy HCP Vault with Terraform tutorial to provision an HCP Vault cluster using Terraform.

Enable audit logs streaming

1. From the HCP Vault cluster Overview page, select the Audit Logs view.

2. Click Enable log Streaming.

3. From the Enable audit logs streaming view, select Datadog as the provider and click Next.

4. Under Datadog configuration, enter your API Key and select the Datadog site region that matches your existing Datadog environment.

5. Click Save.

   Note

   At this time, HCP Vault only supports audit logs streaming to one log endpoint at a time.

Refer to the Datadog documentation for details on log exploration.

Edit the audit log streaming configuration

To edit a audit log streaming integration, perform the following steps.

1. From the Audit Logs page, click on the Manage drop-down, then Edit configuration.

2. Edit the configuration, then click Save.

Disable audit log streaming

To disable a audit log streaming integration, from the Audit Logs page, click on the Manage drop-down, then Disable streaming.