From be9a3c03c29a5273dd733cffa15c8f96238f3aab Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Tue, 26 Mar 2024 13:41:15 +0000 Subject: [PATCH 1/2] Add known issue docs for Ent Perf Standby audit header logging issue --- website/content/docs/release-notes/1.15.0.mdx | 2 ++ .../docs/upgrading/upgrade-to-1.15.x.mdx | 2 ++ ...terprise-perf-standby-logs-all-headers.mdx | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx diff --git a/website/content/docs/release-notes/1.15.0.mdx b/website/content/docs/release-notes/1.15.0.mdx index 5cbcaacbafe3..3bd4a7482f2b 100644 --- a/website/content/docs/release-notes/1.15.0.mdx +++ b/website/content/docs/release-notes/1.15.0.mdx @@ -27,6 +27,8 @@ description: |- | 1.15.0 - 1.15.4 | [Audit devices could log raw data despite configuration](/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration) | | 1.15.5 | [Unable to rotate LDAP credentials](/vault/docs/upgrading/upgrade-to-1.15.x#unable-to-rotate-ldap-credentials) | | 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) | +| 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries) | +| 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers) | ## Vault companion updates diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index 4c664471a5a8..ecdbb1c8f21b 100644 
--- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -76,3 +76,5 @@ option. @include 'known-issues/1_15-audit-panic-handling-with-eventlogger.mdx' @include 'known-issues/ocsp-redirect.mdx' + +@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx' diff --git a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx new file mode 100644 index 000000000000..8d9054f9a859 --- /dev/null +++ b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx @@ -0,0 +1,27 @@ +### Vault Enterprise Performance Standby nodes audit all request headers + +#### Affected versions + +- 1.15.0 - 1.15.7 + +#### Issue + +Due to a bug in the Enterprise unsealing process, when using the new event framework Performance +Standby nodes in a Vault Enterprise cluster do not correctly receive configuration +providing them with the settings for which request headers should be written to the audit log. + +Rather than no headers appearing in the audit logs, Vault Enterprise logs **all** +headers on Performance Standby nodes. + +The header issue was resolved in `1.15.8`. + +#### Workaround + +Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to +disable the new underlying event framework and restart Vault: + +```shell-session +$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true +``` + +On startup, Vault reverts to the audit behavior used in `1.14.x`. From 9e60bae2f5ea8b3049fa74f302fd986b79faa03d Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Tue, 26 Mar 2024 13:54:37 +0000 Subject: [PATCH 2/2] attempt to improve description --- ...-vault-enterprise-perf-standby-logs-all-headers.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx index 8d9054f9a859..de2467ec66ec 100644 --- a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx +++ b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx @@ -6,12 +6,12 @@ #### Issue -Due to a bug in the Enterprise unsealing process, when using the new event framework Performance -Standby nodes in a Vault Enterprise cluster do not correctly receive configuration -providing them with the settings for which request headers should be written to the audit log. +Due to an issue in the new event framework, Performance Standby nodes in a Vault +Enterprise cluster do not correctly receive configuration regarding which request +headers should be written to the audit log. -Rather than no headers appearing in the audit logs, Vault Enterprise logs **all** -headers on Performance Standby nodes. +Rather than no headers appearing in the audit logs by default, Vault Enterprise +logs **all** headers on Performance Standby nodes. The header issue was resolved in `1.15.8`.
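Review bot: The first added row in the `1.15.0.mdx` table (`Audit fails to recover from panics when formatting audit entries`, 1.15.0 - 1.15.5) is not mentioned in the commit subject, which only covers the Performance Standby header issue; either split it into its own commit or extend the subject/body so the release-notes change is traceable. The second row's anchor `#vault-enterprise-performance-standby-nodes-audit-all-request-headers` does match the slug of the new partial's `###` heading, so that link should resolve once the partial is included.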
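Review bot: In `upgrade-to-1.15.x.mdx` the new `@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx'` is appended after `ocsp-redirect.mdx`, which separates it from the other 1.15 audit/eventlogger known issue (`1_15-audit-panic-handling-with-eventlogger.mdx`); consider placing the two audit entries together so readers hitting one eventlogger issue see the related one and its workaround on the same part of the page.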
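Review bot: In the new partial's Workaround section, the `$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true` example only sets the variable in the operator's interactive shell, so "restart Vault" on its own will not apply it when Vault runs as a service or container; the text should say the variable must be present in the environment of the Vault server process (service unit, container spec, or wrapper script) before the restart, and ideally note how to confirm the standby has fallen back to the `1.14.x` audit behaviour. It would also help operators to state that the workaround and the `1.15.8` fix only change future audit entries: entries already written by affected Performance Standby nodes may contain headers that were never meant to be logged, and the doc should point out that those existing logs need to be reviewed and handled accordingly.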
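Review bot: The reworded Issue text in the second patch still leaves two things implicit that a reader of a known-issue entry will want stated: that only Performance Standby nodes ignore the configured header settings while the active node honours them, and which "new event framework" is meant (the name is not tied to anything else in the partial until the `VAULT_AUDIT_DISABLE_EVENTLOGGER` variable appears in the workaround). Suggest phrasing the first paragraph as "Due to an issue in the event framework introduced in 1.15 (the one disabled by `VAULT_AUDIT_DISABLE_EVENTLOGGER`), Performance Standby nodes ... do not receive the configured header settings; the active node is unaffected." so the cause, scope and workaround line up.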