Skip to main content

About system logs

Learn how Piiano Vault collects system logs.

Vault collects system logs to enable the Piiano team to improve your experience, identify faults, and enhance Vault. System logs include system-level events and application logs. These logs are sent to DataDog.

When an unexpected error occurs, Vault sends logs to Sentry. These logs do not include any PII or other data stored in Vault.

Log content

Logs provide details about your interactions with Vault. To protect your business and its PII data, these logs do not include PII data or any information about the your configuration of Vault, such as collection or property names. This is an example of a typical log:

{
"level": "info",
"service": "pvault-dev",
"type": "log",
"version": "0.9.7-gb5f595bc9",
"vault_id": "113161596639522816",
"product": "vault",
"license_key": "...D0BEMhqNe3NArFMQ",
"customer_identifier": "<your identifier>",
"customer_env": "prod",
"dev_mode": false,
"method": "GET",
"operation_id": "get-objects",
"path": "/api/pvlt/1.0/data/collections/test/objects?adhoc_reason=&id=32077c80-3792-4a45-a957-e365bb1c9533&options=&props=email&props=_id&props=first_name&props=last_name&reason=Maintenance&reload_cache=false",
"user_agent": "PiianoVault/0.9.7-gb5f595bc9",
"request_ip": "172.17.0.1",
"server_trace_id": "6b0323e6-b587-4f1b-8cfc-712fc4a4781f",
"app_trace_id": "d27923c6-5d16-41e3-89ee-118b05a25372",
"reason": "Maintenance",
"collection": "test",
"status_code": 200,
"duration": 37.419042,
"time": 1667978774229,
"caller": "/app/common/rest/mws/logger.go:78",
"message": "/api/pvlt/1.0/data/collections/test/objects?adhoc_reason=&id=32077c80-3792-4a45-a957-e365bb1c9533&options=&props=email&props=_id&props=first_name&props=last_name&reason=Maintenance&reload_cache=false"
}

Each log contains your unique and random Vault ID, which is used to identify your logs. You can view your Vault ID by running pvault version.

DataDog logging

Vault confirms it is sending logs to DataDog by printing this to the terminal during start up:

Enabling Datadog log backend
Attention: Sending usage logs and metrics for analytics purpose and improving the product. Your data never leaves the Vault.

To disable the sending of logs to DataDog, add this environment variable to 'docker run':

-e PVAULT_LOG_DATADOG_ENABLE=false

The 'DataDogEnable' flag then confirms that logging is disabled like this:

...Log:{Level:info DataDogAPIKey:xxxxxxxxxxxxxxxxx DataDogEnable:false DataDogSource:prod}}"}...

Sentry logging

Vault confirms it is sending unexpected errors logs to Sentry by printing this to the terminal during start up:

Enabling Sentry telemetry
Attention: Sending unexpected crash telemetry

To disable the sending of logs to Sentry, add this environment variable to 'docker run':

-e PVAULT_SENTRY_ENABLE=false

The 'Sentry' flag group confirms that logging is disabled like this:

...Sentry:{Enable:false DSN:}...

Observability additional data

To identify a Vault instance in Datadog and Sentry, two additional configuration options are available. Providing these configuration options enables Piiano to proactively assist you with errors in your Vault environment.

  • PVAULT_LOG_CUSTOMER_IDENTIFIER to record your customer identifier.
  • PVAULT_LOG_CUSTOMER_ENV to identify your environment. The recommended values are PRODUCTION, STAGING, and DEV.

Setting persistence

If you run Vault with the --rm flag, the logs restarted when you restart Vault. To persist the changes across restarts, run Vault without the --rm flag.