惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
The GitHub Blog
The GitHub Blog
博客园 - 【当耐特】
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Announcements
Recent Announcements
D
Docker
GbyAI
GbyAI
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Cloudflare Blog
雷峰网
雷峰网
A
About on SuperTechFans
小众软件
小众软件
博客园 - Franky
博客园 - 聂微东
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
V
V2EX
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
aimingoo的专栏
aimingoo的专栏
量子位
P
Proofpoint News Feed
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
罗磊的独立博客
Martin Fowler
Martin Fowler
D
DataBreaches.Net
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
Project Zero
Project Zero
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
S
Schneier on Security
Blog — PlanetScale
Blog — PlanetScale
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Security Latest
Security Latest
NISL@THU
NISL@THU
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
How to monitor HashiCorp Vault with Datadog
2021-04-20 · via Datadog | The Monitor blog
Kai Xin Tai

Kai Xin Tai

In this series, we’ve introduced key HashiCorp Vault metrics and logs to watch, and looked at some ways to retrieve that information with built-in monitoring tools. Vault is made up of many moving parts, including the core, secrets engine, and audit devices. To get a full picture of Vault health and performance, it’s important to track all these components, along with the resources they consume from their underlying infrastructure. With Datadog, you can get deep visibility into all these components—and the applications that request secrets from Vault—in one place.

In this post, we’ll show you how Datadog helps you monitor Vault more comprehensively with 1,000+ turn-key integrations, sophisticated alerting, and log analytics. With Datadog, you can automatically detect potential security threats, correlate data across your stack, and track long-term performance trends, all in one platform.

To get you started with monitoring Vault, we’ll cover how to:

Getting from Vault to Datadog

Vault aggregates metrics every 10 seconds and holds them in memory for one minute, giving you a quick snapshot of your cluster’s vital signs. But in order to track long-term performance trends and effectively troubleshoot issues, you can configure Datadog to collect and retain these metrics over a longer period of time.

The Datadog Agent is open source software that collects metrics, distributed traces, and logs from your environment and sends them to Datadog, where they are retained at full granularity for 15 months. In addition to gathering telemetry data from Vault’s /sys/metrics endpoint, the Agent automatically reports resource metrics (e.g., CPU, memory, network throughput) from your servers.

To install the Agent, navigate to the Agent installation page of your Datadog account and follow the instructions for your host’s OS. If you’re new to Datadog and would like to follow along with this post, sign up for a free trial. To set up Datadog’s Vault integration, you’ll either need to use a client token or provide the Agent with unauthenticated access to Vault’s metrics endpoint. We’ll describe both of these methods in the following sections.

Use a client token

Our documentation provides instructions on creating a client token to authenticate the Datadog Agent to Vault. Once you’ve created the token, you’ll need to locate the Agent’s directory for integration-specific configuration files—refer to our documentation for more information. In that directory, you should see a Vault subdirectory (vault.d) that contains a sample Vault configuration file named conf.yaml.example. Make a copy of the file in the same directory and save it as conf.yaml. Edit the file to include the location of your Vault HTTP server (api_url), as well as the client token you created for the Datadog Agent earlier (client_token) or path to a directory that contains this client token (client_token_path):

init_config:

instances:

## @param api_url - string - required

## URL of the Vault to query.

#

- api_url: http://localhost:8200/v1

## @param client_token - string - optional

## Client token necessary to collect metrics.

#

client_token: <CLIENT_TOKEN>

## @param client_token_path - string - optional

## Path to a file containing the client token. Overrides `client_token`.

## The token will be re-read after every authorization error.

#

# client_token_path: <CLIENT_TOKEN_PATH>

Restart the Agent so that your configuration changes take effect.

Or, if you would rather not add the token to the configuration file, you can use Datadog’s secrets management package to call an executable that can authenticate to and retrieve the token from Vault.

Enable unauthenticated access to the metrics endpoint

Alternatively, the Datadog Agent can collect metrics without a client token. To do this, you will first need to set the unauthenticated_metrics_access option in the telemetry stanza of your Vault configuration to true to provide the Agent with unauthenticated access to the /sys/metrics endpoint.

listener "tcp" {

telemetry {

unauthenticated_metrics_access = true

}

}

Then, in conf.yaml, set the no_token option to true.

init_config:

instances:

## @param api_url - string - required

## URL of the Vault to query.

- api_url: http://localhost:8200/v1

## @param no_token - boolean - optional - default: false

## Attempt metric collection without a token.

no_token: true

Restart the Agent to apply these configuration changes. The Agent should now be collecting Vault metrics and forwarding them to your Datadog account.

Explore Vault metrics in customizable dashboards

Within minutes of enabling Datadog’s Vault integration, data from your clusters will begin flowing into an out-of-the-box dashboard. This dashboard provides a high-level overview of the health and performance of your clusters, ranging from request throughput and latency to token activity and Consul usage.

Datadog's Vault integration comes with an out-of-the-box dashboard for visualizing key metrics.

You can clone and customize the dashboard to include data from 1,000+ technologies for even more comprehensive monitoring. If you’re not using Consul, you can include graphs and widgets from your storage backend, such as Amazon S3, PostgreSQL, or Cassandra. You can also add event timeline and event stream widgets to your dashboards, allowing you to track when (and how often) important events occur. For instance, frequent changes in cluster leadership in a short period of time could be indicative of a security incident. Later in the post, we’ll show you how you can alert on leadership issues.

Track leadership change events on a dashboard.

In addition, Datadog’s host maps give you a high-level view of your servers, helping you visualize and understand their resource utilization. You can use tags (e.g., instance, host, cloud provider) to group and filter your map, making it easy to drill down to specific segments of your infrastructure when troubleshooting an issue. For example, you can see at a glance if one of your servers is consuming more CPU than the rest, or if a particular availability zone is experiencing higher load and might benefit from rebalancing.

Datadog's host maps give you an overview of all your Vault servers and their resource utilization.

Collect and analyze all your Vault logs

You can gain an even deeper understanding of Vault’s activity by collecting and analyzing logs from your Vault servers. By uniting your metrics and logs, Datadog gives you the context you need to detect errors, investigate issues, and gain deeper insight into your infrastructure and applications. And Datadog Cloud SIEM uses vault logs to automatically detect potential threats to your cluster. In this section, we’ll show you how to collect and analyze your Vault logs with Datadog.

Enable log collection

To configure the Datadog Agent to collect logs, you will need to set the logs_enabled parameter to true in your Agent configuration file (datadog.yaml):

logs_enabled: true

Then, add the following configuration block to your vault.d/conf.yaml file to start collecting Vault logs:

logs:

- type: file

path: /path/to/vault-audit.log

source: vault

- type: file

path: /path/to/vault.log

source: vault

You’ll need to specify the paths to your Vault audit and server logs. For audit logs, you would have specified a location when you used the vault audit enable file command to enable audit logging. The location of your Vault server logs varies depending on the platform you’re running; see Vault’s documentation for details.

Next, you’ll want to ensure that the source attribute is set to vault to trigger Datadog’s built-in Vault integration pipeline, which automatically extracts key attributes from your logs. And by applying tags to your services in a consistent way through Datadog’s unified service tagging, you can seamlessly pivot between related logs, metrics, distributed traces, and profiles for all the context you need to troubleshoot an issue. Save the configuration file and restart the Agent to apply the latest changes.

Explore all of your logs

Now that the Datadog Agent is collecting logs from your Vault servers, you can start correlating metrics with logs to get deeper insights into Vault performance. For example, if you notice any unusual activity in the out-of-the-box Vault dashboard, you can immediately pivot to logs for more context to begin troubleshooting. Datadog’s log processing pipeline automatically parses and enriches your logs with metadata from your host and cloud provider, making it easy for you to filter and analyze logs from Vault and any of the other technologies you’re monitoring.

A context menu on a Vault memory graph shows a link to view related logs.

The screenshot below shows how you can use the service attribute to filter your logs. In this example, we’re showing only logs related to the primaryvault service and filtering out logs from the secondaryvault service. The highlighted log indicates that the Vault is sealed, which could mean that your secrets management service is unavailable, preventing your services from communicating with one another.

The Log Explorer shows details from a Vault log stating that the Vault is sealed.

As Vault generates large volumes of logs, it might not be immediately obvious where to look when you’re trying to troubleshoot an issue. The Log Patterns view groups your logs into clusters based on common patterns to surface interesting trends. This is especially useful for cutting through the noise and steering your investigation in the right direction so you can speed up resolution time.

For example, if you notice that Vault is returning more errors than usual, you can use Log Patterns to identify the most common types of errors. In the example below, we see that logs with the message [ERROR]: login unauthorized due to: Post "https://10.17.0.2/apis/authentication.k8s.io/v1/tokenreviews": dial tcp 10.17.0.2:443: i/o timeout are the most common, which means that we’ll want to look into why Vault is unable to connect to Kubernetes for authentication.

Log Patterns groups your logs by commonalities to help you uncover trends.

Be alerted of issues within your Vault cluster

Since authentication is crucial to the availability of your applications, you’ll want to know if Vault is facing any issues as soon as possible, so you can address them and minimize downtime. Datadog can automatically alert you of anomalous changes in Vault’s activity—such frequent changes in leadership and spikes in failed login requests—that could be indicative of attempted attacks.

As we discussed in Part 1, high leadership turnover in a short period of time could mean that your Vault servers are failing repeatedly or a member of your team is manually sealing them in response to a detected breach. When a leader fails, it stops serving requests and becomes unavailable to clients that depend on Vault. With Datadog, you can create an alert to notify you when the number of leadership changes exceeds a certain threshold. You can also use tags to trigger separate alerts for each datacenter, availability zone, or host.

Creating an event-based monitor to alert us when the number of leader changes exceeds a certain threshold

Additionally, we’ve configured an alert to notify us when Vault fails to elect any of its servers as the leader since it means that the service is unavailable. When setting up the alert, we’ve instructed Datadog to send a notification to our team’s Slack channel each time it triggers. This way, a member of the team is able to immediately troubleshoot the issue before users experience any performance degradations.

An alert that triggers when no Vault servers are reporting as the leader

Besides leadership changes, you may also want to configure an alert to notify you if your storage backend (Amazon S3 in the example below) is taking too long to access your secrets. Adding a descriptive notification message, along with recommended next steps and links to resources (e.g., related dashboards and runbooks) can give your team the necessary context to troubleshoot the issue in a timely manner.

We've created an alert on the metric vault.vault.s3.get.quantile which will trigger if the value rises above fifty milliseconds.

Start monitoring Vault with Datadog

If your applications depend on Vault to manage their secrets, you will want to ensure that Vault is always properly configured, highly performant, and protected against attacks. In this post, we’ve covered how Datadog can give you comprehensive visibility into the health and performance of your Vault clusters. Since Datadog integrates with more than 1,000 technologies, you can monitor all of Vault’s components, alongside the clients that connect to it and the infrastructure that runs it all—in a single, unified platform. With customizable dashboards, log management, and automated alerting, Datadog can help you discover and troubleshoot complex issues from blocked audit devices to misconfigured policies that are preventing clients from properly accessing the secrets they need.

If you don’t yet have a Datadog account, sign up for a free 14-day trial to start monitoring Vault today.