You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Adam Holmberg (JIRA)" <ji...@apache.org> on 2014/06/20 17:42:24 UTC
[jira] [Updated] (CASSANDRA-7422) Logging for Authentication and
Authorization
[ https://issues.apache.org/jira/browse/CASSANDRA-7422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Holmberg updated CASSANDRA-7422:
-------------------------------------
Attachment: auth_logging_remote_host.patch.201406666201020
auth_logging_remote_host.patch.201406666201020
Possible generalized solution that tags ClientState with remote host, and logs authentication and authorization changes.
Logging enabled by changing log level for the affected classes:
{noformat}
log4j.logger.org.apache.cassandra.auth.AbstractAuthorizer=TRACE
log4j.logger.org.apache.cassandra.service.ClientState=TRACE
{noformat}
Emits messages like this:
{noformat}
TRACE 14:06:14,606 “cassandra" authenticated from /127.0.0.1:53264
TRACE 14:06:49,243 "cassandra" (/127.0.0.1:53264) REVOKES [CREATE, ALTER, DROP, SELECT, MODIFY, AUTHORIZE] on data from “user"
TRACE 14:07:01,540 "cassandra" (/127.0.0.1:53264) GRANTS [SELECT] on data/system_traces/events to "user"
TRACE 14:07:08,263 "cassandra" (/127.0.0.1:53264) REVOKES ALL from "user" (user drop)
{noformat}
I welcome any feedback.
> Logging for Authentication and Authorization
> --------------------------------------------
>
> Key: CASSANDRA-7422
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7422
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Adam Holmberg
> Priority: Trivial
> Fix For: 1.2.17
>
> Attachments: auth_logging_remote_host.patch.201406666201020
>
>
> We would like to enable Cassandra to log authentication and authorization change events.
> This facilitates audits on access to certain data. As a side effect it would also make it easier to notice ill-behaved clients connecting repeatedly.
--
This message was sent by Atlassian JIRA
(v6.2#6252)