You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Vinay Chella (JIRA)" <ji...@apache.org> on 2018/02/27 02:23:00 UTC
[jira] [Comment Edited] (CASSANDRA-12151) Audit logging for
database activity
[ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16377534#comment-16377534 ]
Vinay Chella edited comment on CASSANDRA-12151 at 2/27/18 2:22 AM:
-------------------------------------------------------------------
Hi [~eanujwa] [~jasobrown],
I’m excited to see the design document and it looks good to us!
Netflix had a similar requirement recently for our internal 2.1 clusters and we implemented a simple version (no query categories, etc…) for sox auditing. As your design is very close to what we implemented, just a few differently named classes for the most part, can we work together on the trunk [patchset|https://github.com/vinaykumarchella/cassandra/pull/2] to add the missing components from your design? Alternatively, we could take an incremental approach, review what we have on the trunk branch of the simple version and get it committed and then add in some of the more advanced features next. I believe this patch follows the design goals that you put together.
Please review and let me know if you have any questions or concerns about the first iteration. If folks are interested in the 3.x/2.x branches I can put those up on my github as well.
[~jhb]
{quote}I just have one question, do you think enabling/updating/disabling audit require a node restart?
{quote}
The posted patch allows online auditlog enable/disable via JMX.
[~jjordan]
{quote}You should take a look at the infrastructure added in CASSANDRA-13983 for query logging
{quote}
Yes, we looked and that certainly looks interesting, perhaps this design allows us to use it as another implementation of {{IAuditLogger}}?
was (Author: vinaykumarcse):
Hi [~eanujwa] [~jasobrown],
I’m excited to see the design document and it looks good to us!
Netflix had a similar requirement recently for our internal 2.1 clusters and we implemented a simple version (no query categories, etc…) for sox auditing. As your design is very close to what we implemented, just a few differently named classes for the most part, can we work together on the trunk [patchset|https://github.com/vinaykumarchella/cassandra/pull/2] to add the missing components from your design? Alternatively, we could take an incremental approach, review what we have on the trunk branch of the simple version and get it committed and then add in some of the more advanced features next. I believe this patch follows the design goals that you put together.
Please review and let me know if you have any questions or concerns about the first iteration. If folks are interested in the 3.x/2.x branches I can put those up on my github as well.
[~jhb]
{quote}I just have one question, do you think enabling/updating/disabling audit require a node restart?
{quote}
The posted patch allows online auditlog enable/disable or filter updates via JMX.
[~jjordan]
{quote}You should take a look at the infrastructure added in CASSANDRA-13983 for query logging
{quote}
Yes, we looked and that certainly looks interesting, perhaps this design allows us to use it as another implementation of {{IAuditLogger}}?
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Anuj Wadehra
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt, DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done on our server.
> It should show username, remote address, timestamp, action type, keyspace, column family, and the query statement.
> it should also be able to log connection attempt and changes to the user/roles.
> I was thinking of making a new keyspace and insert an entry for every activity that occurs.
> Then It would be possible to query for specific activity or a query targeting a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org