NEW Boundary on the HashiCorp Cloud Platform is now in public beta Learn more
  • Infrastructure
    • terraform
    • packer
  • Networking
    • consul
  • Security
    • vault
    • boundary
  • Applications
    • nomad
    • waypoint
    • vagrant
  • HashiCorp Cloud Platform

    A fully managed platform to automate infrastructure on any cloud with HashiCorp products.

    • consul
    • terraform
    • vault
    • packerbeta
    Visit cloud.hashicorp.com
  • Overview
  • Tutorials
  • Docs
  • API
  • Community
GitHub—Stars on GitHub
Download
    • v0.9.x (latest)
    • v0.8.x
    • v0.7.x
    • v0.6.x
    • v0.5.x
    • v0.4.x
    • v0.3.x
    • v0.2.x
    • v0.1.x
  • What is Boundary?
    • Overview
      • Overview
      • Production
    • Deploy and Login
    • Connect to Target
    • Overview/Top-Level Parameters
      • Overview
      • PKI Workers
      • KMS Workers OSS Only
      • Overview
      • TCP
      • Unix
      • Overview
      • AEAD
      • AWS KMS
      • AliCloud KMS
      • Azure Key Vault
      • GCP Cloud KMS
      • OCI KMS
      • Vault Transit
      • Overview
      • Common Sink Parameters
      • File Sink
      • Stderr Sink
    • controller OSS Only
    • plugins OSS Only
    • Overview
    • Service Discovery
      • Overview
        • Overview
        • Assignable Permissions
        • Permission Grant Formats
        • Resource Table
      • Data Encryption
      • Connections/TLS
      • Overview
      • Accounts
      • Auth Methods
      • Credentials
      • Credential Libraries
      • Credential Stores
      • Groups
      • Hosts
      • Host Catalogs
      • Host Sets
      • Managed Groups
      • Scopes
      • Sessions
      • Session Connections
      • Targets
      • Roles
      • Users
      • Overview
      • OIDC Managed Groups
      • Resource Listing
      • Worker Tags
      • Events
  • Common Workflows
    • Overview
    • Manage Roles
    • Manage Scopes
    • Manage Sessions
    • Manage Targets
    • Manage Users and Groups
    • Workflow SSH Proxy
    • Overview
    • API
    • CLI
    • Go SDK
    • Desktop
    • Desktop

    • Overview
      • Overview
      • Dev Mode
      • Run and Login
      • Connect to Dev Target
      • Non-Dev Environments
      • Systemd Install
      • Postgres Install
      • High Availability Install
      • Reference Architectures
      • Overview
      • Metrics
      • Health Endpoint
      • Overview
      • Building
      • Developing the UI

  • Roadmap
    • Overview
    • v0.9.0
    • v0.8.0
    • v0.7.0
    • v0.6.0
    • v0.5.0
    • v0.4.0
    • v0.3.0
    • v0.2.0
    • v0.1.0
Type '/' to Search

»Common Sink Parameters

These parameters are shared across all sink types:

  • name - Specify a name for the sink.

  • description - Specify a description for the sink.

  • event_types - Specifies a list of event types that will be sent to the sink. Can be *, error, system, observation or audit.

  • event_source_url - Specifies an optional event source URL for the sink. If not specified a default source will be composed of the https://hashicorp.com/boundary.io/ServerName/Path/FileName.

  • allow_filters - Specifies a set predicates for including an event in the sink. If any filter matches, the event will be included. For more information, on using filters see: event filtering

  • deny-filters - Specifies a set predicates for excluding an event in the sink. If any filter matches, the event will be excluded. For more information on using filters see: event filtering

  • format - Specifies the format for the sink. Can be cloudevents-json, cloudevents-text, hclog-json, or hclog-text.

  • type - Specifies the type of sink. Can be stderr or file.

  • audit_config - Specifies configuration for the processing of audit events for the sink. This is ignored if the sink is not configured to receive audit events.

»audit_config parameters

  • audit_filter_overrides - Specifies overrides for the filter operations that are applied to audit events.

»audit_filter_overrides parameters

  • sensitive (string: "", "encrypt", "hmac-sha256", "redact") - Specifies the filter operation to apply to fields that are classified as sensitive.

  • secret (string: "", "encrypt", "hmac-sha256", "redact") - Specifies the filter operation to apply to fields that are classified as secret.

»audit_config Examples

This example is equivalent to the default settings if no audit_config stanza is provided.

audit_config {
  audit_filter_overrides {
    sensitive = "redact"
    secret    = "redact"
  }
}
audit_config {
  audit_filter_overrides {
    sensitive = "redact"
    secret    = "redact"
  }
}

This example will HMAC sensitive fields, and encrypt secrets.

audit_config {
  audit_filter_overrides {
    sensitive = "hmac-sha256"
    secret    = "encrypt"
  }
}
audit_config {
  audit_filter_overrides {
    sensitive = "hmac-sha256"
    secret    = "encrypt"
  }
}

This example will not apply a filter to sensitive fields.

audit_config {
  audit_filter_overrides {
    sensitive = ""
  }
}
audit_config {
  audit_filter_overrides {
    sensitive = ""
  }
}
github logoEdit this page
DocsLearnPrivacySecurityPress KitConsent Manager