Table of Contents
vaultwarden logs only to standard output (stdout) by default. You can also configure it to log to a file or Syslog.
Logging to a file
Logging to a file is supported as of version 1.5.0. You can specify the path to the log file with the LOG_FILE
environment variable:
docker run -d --name vaultwarden \
...
-e LOG_FILE=/data/vaultwarden.log \
...
When this environment variable is set, log messages will be logged to both stdout and the log file. If you're running in Docker, you'll most likely want to use a file path that is mounted from the Docker host (such as the data
folder); otherwise, your log file will be lost (or at least hard to find) if the container is restarted or removed.
Logging to Syslog
You can use Syslog with the USE_SYSLOG
environment variable while alse setting EXTENDED_LOGGING=true
:
docker run -d --name vaultwarden \
...
-e USE_SYSLOG=true -e EXTENDED_LOGGING=true \
...
When this environment variable is set, log messages will be logged to both stdout and Syslog.
Changing the log level
To reduce the amount of log messages, you can set the log level to 'warn' (default is 'info'). The Log level can be adjusted with the environment variable LOG_LEVEL
while also setting EXTENDED_LOGGING=true
. NOTE: Using the log level "warn" or "error" still allows Fail2Ban to work properly.
LOG_LEVEL
options are: "trace", "debug", "info", "warn", "error" or "off".
docker run -d --name vaultwarden \
...
-e LOG_LEVEL=warn -e EXTENDED_LOGGING=true \
...
Viewing logs
If running in Docker: docker logs <container-name>
If running via systemd
: journalctl -u vaultwarden.service
(or whatever your service is named)
Otherwise, check where standard output is being redirected, or set the LOG_FILE
environment variable and view that file.
FAQs
Container Image Usage
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
Deployment
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
HTTPS
Configuration
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration
Database
- Using the MariaDB (MySQL) Backend
- Using the PostgreSQL Backend
- Running without WAL enabled
- Migrating from MariaDB (MySQL) to SQLite