Problem
You would like to tail the Vault auth logs, but if you use the vault tag for auditing and your server is also named vault, filtering on vault matches every line from the host, so you cannot isolate the Vault auth logs.
Solution
Use client_token as the filter in grep:
ubuntu@vault1:~$ sudo tail -f /var/log/auth.log | grep 'client_token'
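
A stricter filter for the same problem, as an added example that is not part of the original page: it matches on the syslog program tag (the field after the hostname) instead of a bare substring, so a sudo record of someone running grep client_token is not picked up. The function names, sample lines and token values are constructed, and it assumes the audit entries reach auth.log through syslog with the vault tag.

```shell
#!/bin/sh
# Added example, not from the original page. Sample log lines are constructed.

# Keep only syslog lines whose program tag is "vault" and whose message
# contains a "client_token" JSON key.
vault_audit_filter() {
    awk '
    {
        # The program tag is the first field ending in ":" (e.g. "vault[812]:").
        # It comes after the hostname, so a host named "vault" never matches.
        tag = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /:$/) { tag = $i; break }
        }
        if (tag ~ /^vault(\[[0-9]+\])?:$/ && index($0, "\"client_token\"") > 0) {
            print
            fflush()   # do not hold matches in the output buffer
        }
    }'
}

# Constructed sample: sshd and sudo lines from host "vault", then two audit
# entries (traditional and ISO 8601 timestamp formats).
sample_lines() {
    cat <<'EOF'
Jan  5 10:00:01 vault sshd[2211]: Accepted publickey for ubuntu from 192.0.2.10 port 50022 ssh2
Jan  5 10:00:07 vault sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/grep client_token /var/log/auth.log
Jan  5 10:00:09 vault vault[812]: {"type":"request","auth":{"client_token":"hmac-sha256:EXAMPLE"},"request":{"operation":"read","path":"secret/data/app"}}
2024-01-05T10:00:12.000000+00:00 vault vault[812]: {"type":"response","auth":{"client_token":"hmac-sha256:EXAMPLE"},"request":{"operation":"read","path":"secret/data/app"}}
EOF
}

# Offline demo; for live use: sudo tail -f /var/log/auth.log | vault_audit_filter
sample_lines | vault_audit_filter
```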