About system logs
Learn how Piiano Vault collects system logs
Vault collects system logs to enable the Piiano team to improve your experience, identify faults, and enhance Vault. System logs include system-level events and application logs. These logs are sent to DataDog.
When an unexpected error occurs, Vault sends logs to Sentry. These logs do not include any PII or other data stored in Vault.
Log content
Logs provide details about your interactions with Vault. To protect your business and its PII data, these logs do not include PII data or any information about the your configuration of Vault, such as collection or property names. This is an example of a typical log:
{
"level": "info",
"service": "pvault-dev",
"type": "log",
"version": "0.9.7-gb5f595bc9",
"vault_id": "113161596639522816",
"product": "vault",
"license_key": "...D0BEMhqNe3NArFMQ",
"customer_identifier": "<your identifier>",
"customer_env": "prod",
"dev_mode": false,
"method": "GET",
"operation_id": "list-objects",
"url": "/api/pvlt/1.0/data/collections/test/objects?adhoc_reason=&id=32077c80-3792-4a45-a957-e365bb1c9533&options=&props=email&props=id&props=first_name&props=last_name&reason=Maintenance&reload_cache=false",
"user_agent": "PiianoVault/0.9.7-gb5f595bc9",
"trace_id": "6b0323e6-b587-4f1b-8cfc-712fc4a4781f",
"reason": "Maintenance",
"collection": "test",
"status_code": 200,
"duration": 37.419042,
"time": 1667978774229,
"caller": "/app/common/rest/mws/logger.go:78",
"message": "/api/pvlt/1.0/data/collections/test/objects?adhoc_reason=&id=32077c80-3792-4a45-a957-e365bb1c9533&options=&props=email&props=id&props=first_name&props=last_name&reason=Maintenance&reload_cache=false"
}
Each log contains your unique and random Vault ID, which is used to identify your logs. You can view your Vault ID by running pvault version.
Trace ID
Every request includes a random ID that identifies the request. This ID is logged under trace_id. A request can override the generated value using the X-Request-ID header. For example:
curl --request GET --url http://localhost:8123/api/pvlt/1.0/system/info/version \
--header 'Authorization: Bearer pvaultauth' \
--header 'X-Request-ID: <your unique ID>'
In certain systems such as AWS App Runner, the X-Request-ID header is overwritten by the system. In that case you can use X-Pvault-Request-ID.
curl --request GET --url http://localhost:8123/api/pvlt/1.0/system/info/version \
--header 'Authorization: Bearer pvaultauth' \
--header 'X-Pvault-Request-ID: <your unique ID>'
Overriding is useful when you want to correlate between your client requests and the Vault logs.
DataDog logging
Vault confirms it is sending logs to DataDog by printing this to the terminal during start up:
Enabling Datadog log backend
Attention: Sending usage logs and metrics for analytics purpose and improving the product. Your data never leaves the Vault.
To disable the sending of logs to DataDog, add this environment variable to 'docker run':
-e PVAULT_LOG_DATADOG_ENABLE=none
The 'DataDogEnable' flag then confirms that logging is disabled like this:
...Log:{Level:info DataDogAPIKey:xxxxxxxxxxxxxxxxx DataDogEnable:none DataDogSource:prod}}"}...
Sentry logging
Vault confirms it is sending unexpected errors logs to Sentry by printing this to the terminal during start up:
Enabling Sentry telemetry
Attention: Sending unexpected crash telemetry
To disable the sending of logs to Sentry, add this environment variable to 'docker run':
-e PVAULT_SENTRY_ENABLE=false
The 'Sentry' flag group confirms that logging is disabled like this:
...Sentry:{Enable:false DSN:}...
Observability additional data
To identify a Vault instance in Datadog and Sentry, two additional configuration options are available. Providing these configuration options enables Piiano to proactively assist you with errors in your Vault environment.
PVAULT_LOG_CUSTOMER_IDENTIFIERto record your customer identifier.PVAULT_LOG_CUSTOMER_ENVto identify your environment. The recommended values areproduction,staging, anddev.
Setting persistence
If you run Vault with the --rm flag, the logs restarted when you restart Vault. To persist the changes across restarts, run Vault without the --rm flag.