This repository was archived by the owner on Jun 19, 2025. It is now read-only.

KES audit logging only works for some commands #480

@ramondeklein

I ran my private KES instance (backed by Azure Key Vault) with the following enabled in the configuration:

log:
  error: on
  audit: on

It only seems to log to standard output when either createKey, importKey or deleteKey is invoked. All other operations don't emit anything to standard output. When I look at the code, only the calls that I mentioned are calling auditLogger.Log.

Some errors (like a bad client certificate) are logged to stderr, but some others (like creating a key that already exists) aren't logged to stderr.

Although audit logging is emitted to stdout, I also run KES CLI with the log --audit command. When I create a key, then it shows the following header:

Time        Status    Identity                IP                 API                               Latency

But the actual logs are not shown. When running with --json, nothing shows up either. According to the documentation, it should show something like this:
image
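
An added example, not part of the original issue and not KES code: the report observes that only the handlers that call auditLogger.Log themselves produce audit events. One way to make audit coverage independent of individual handlers is to wrap the whole router in middleware, sketched here with Go's standard library; the route paths, the line format and the names `Audit`, `statusRecorder` and `Replay` are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// statusRecorder remembers the status code the wrapped handler sends.
type statusRecorder struct {
	http.ResponseWriter
	status int
}

func (r *statusRecorder) WriteHeader(code int) {
	r.status = code
	r.ResponseWriter.WriteHeader(code)
}

// Audit wraps the whole router, so every request yields one line, failed
// ones included, without each handler having to call the logger itself.
// out must be safe for concurrent writes (os.Stdout is). The line format
// is hypothetical; %q keeps a crafted path from forging extra lines.
func Audit(out io.Writer, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, req)
		fmt.Fprintf(out, "method=%s path=%q status=%d\n", req.Method, req.URL.Path, rec.status)
	})
}

// Replay sends constructed requests through an audited mux with constructed
// routes and returns the audit lines that were written.
func Replay() string {
	mux := http.NewServeMux()
	mux.HandleFunc("/key/create/", func(w http.ResponseWriter, _ *http.Request) {})
	mux.HandleFunc("/key/describe/", func(w http.ResponseWriter, _ *http.Request) {
		http.Error(w, "key does not exist", http.StatusNotFound)
	})
	var buf bytes.Buffer
	h := Audit(&buf, mux)
	for _, p := range []string{"/key/create/k1", "/key/describe/k2", "/status"} {
		h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("POST", p, nil))
	}
	return buf.String()
}

func main() { fmt.Print(Replay()) }
```

The replay produces one line per request: the successful create, the failing describe, and the request to an unregistered route.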
