You would like to tail the Vault auth log files, but if you use the vault tag for auditing and your server is also named vault, you cannot filter out the vault auth logs only.
Use the client_login as the filter in grep:
ubuntu@vault1:~$ sudo tail -f /var/log/auth.log | grep 'client_token'
Trying to start the vault server following the guides that specify creating the data directory in /home/vault/data results in the above error and service cannot be started.
According to the guide here: https://learn.hashicorp.com/tutorials/vault/raft-deployment-guide?in=vault/day-one-raft, changing the data directory to /opt/raft and the hcl file to reflect that the server can be started without any errors.