Expand description
System-wide audit log overview.
Provides high-level statistics and insights about Vault usage across the entire audit log. Supports analyzing multiple log files (compressed or uncompressed) for long-term trend analysis.
§Usage
# Single file (plain or compressed)
vault-audit system-overview audit.log
vault-audit system-overview audit.log.gz
# Multiple files for week-long analysis
vault-audit system-overview day1.log day2.log day3.log
# Using shell globbing with compressed files
vault-audit system-overview logs/vault_audit.2025-10-*.log.gzCompressed File Support: Automatically detects and decompresses .gz (gzip)
and .zst (zstandard) files with streaming processing - no temp files needed.
§Output
Displays comprehensive statistics:
- Total entries processed
- Unique entities
- Unique paths accessed
- Operation breakdown (read, write, list, delete)
- Top paths by access count
- Mount point usage
- Authentication method breakdown
- Time range covered
- Error rate
Useful for:
- Understanding overall Vault usage
- Capacity planning
- Identifying hotspots
- Security audits