Enable OpenBao telemetry gathering
Collect telemetry data from your OpenBao installation.
Before you start
- You must have access to your OpenBao configuration file.
Step 1: Choose an aggregation agent
OpenBao uses the go-metrics package to export telemetry and supports the
following aggregation agents for time-series monitoring:
| Config prefix | Name | Company |
|---|---|---|
circonus | Circonus | Circonus |
dogstatsd | DogStatsD | Datadog |
prometheus | Prometheus | Prometheus / Open source |
stackdriver | Cloud Operations | |
statsd | Statsd | Open source |
statsite | Statsite | Open source |
Step 2: Enable at least one audit device
To include audit-related metrics, you must enable auditing on at least one device
with the bao audit enable command. For example, to enable auditing for the
file device and save the logs to /var/log/openbao_audit.log:
$ bao audit enable file file_path=/var/log/openbao_audit.log
Step 3: Configure telemetry collection
To configure telemetry collection, update the telemetry stanza in your OpenBao configuration with your collection preferences and aggregation agent details.
For example, the following telemetry stanza configures OpenBao with the standard
telemetry defaults and connects it to a Statsite agent running on the default
port within a company intranet at mycompany.statsite:
telemetry {
usage_gauge_period = "10m"
maximum_gauge_cardinality = 500
disable_hostname = false
enable_hostname_label = false
lease_metrics_epsilon = "1h"
num_lease_metrics_buckets = 168
add_lease_metrics_namespace_labels = false
filter_default = true
statsite_address = "mycompany.statsite:8125"
}
Many metrics solutions charge by the metric. You can set filter_default to
false and use the prefix_filter parameter to include and exclude specific
values based on metric name to avoid paying for irrelevant information.
For example, to limit your telemetry to the core token metrics plus the number of leases set to expire:
telemetry {
filter_default = false
prefix_filter = ["+vault.token", "-vault.expire", "+vault.expire.num_leases"]
}
Step 4: Choose a reporting solution
You need to save or forward your telemetry data to a separate storage solution for reporting, analysis, and alerting. Which solution you need depends on the feature set provided by your aggregation agent and the protocol support of your reporting platform.
Popular reporting solutions compatible with OpenBao:
- Grafana
- Graphite
- InfluxData: Telegraf
- InfluxData: InfluxDB
- InfluxData: Chronograf
- InfluxData: Kapacitor
- Splunk
Next steps
- Review the Key metrics for common health checks guide to identify metrics you may want to start monitoring immediately.
- Review the full list of available telemetry parameters.