You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@knox.apache.org by Yunus Durmuş <yu...@yanis.co> on 2020/02/03 14:15:05 UTC
Is it possible to log Hive queries in Knox?
Hi everyone,
I would like to log every Hive query that runs via Knox. The audit
functionality shows that there is some activity by user X, but it does not
show the action itself.
When a security incident occurs, I should be able to figure out who
accesses what and when.
cheers
yunus
Re: Is it possible to log Hive queries in Knox?
Posted by Yunus Durmuş <yu...@yanis.co>.
Thanks for the info. It is really helpful.
On Mon, Feb 3, 2020 at 3:42 PM Kevin Risden <kr...@apache.org> wrote:
> No not really. In general, Knox deals in HTTP requests and doesn't know
> what is in those requests. There is no parsing in Knox of the actual
> request data. A request comes to Knox an then is based through to the
> backend.
>
> In the case of Hive JDBC over HTTP, a single "action" is typically
> multiple HTTP requests and aren't correlated easily at Knox. Some examples
> of HTTP requests;
> * Open connection
> * Create statement
> * Execute statement
> * Get resultset (do this for N number of batches of results)
> * Close statement
> * Close connection
>
> All of the above are separate HTTP requests that get passed down to
> HiveServer2. Knox doesn't know what the requests mean other than they need
> to go to HS2.
>
> If you are looking for audit for actions taken, you need to get that from
> the backend service that knows what action was taken.
>
> Kevin Risden
>
>
> On Mon, Feb 3, 2020 at 9:15 AM Yunus Durmuş <yu...@yanis.co> wrote:
>
>> Hi everyone,
>>
>> I would like to log every Hive query that runs via Knox. The audit
>> functionality shows that there is some activity by user X, but it does not
>> show the action itself.
>> When a security incident occurs, I should be able to figure out who
>> accesses what and when.
>>
>> cheers
>> yunus
>>
>>
Re: Is it possible to log Hive queries in Knox?
Posted by Kevin Risden <kr...@apache.org>.
No not really. In general, Knox deals in HTTP requests and doesn't know
what is in those requests. There is no parsing in Knox of the actual
request data. A request comes to Knox an then is based through to the
backend.
In the case of Hive JDBC over HTTP, a single "action" is typically multiple
HTTP requests and aren't correlated easily at Knox. Some examples of HTTP
requests;
* Open connection
* Create statement
* Execute statement
* Get resultset (do this for N number of batches of results)
* Close statement
* Close connection
All of the above are separate HTTP requests that get passed down to
HiveServer2. Knox doesn't know what the requests mean other than they need
to go to HS2.
If you are looking for audit for actions taken, you need to get that from
the backend service that knows what action was taken.
Kevin Risden
On Mon, Feb 3, 2020 at 9:15 AM Yunus Durmuş <yu...@yanis.co> wrote:
> Hi everyone,
>
> I would like to log every Hive query that runs via Knox. The audit
> functionality shows that there is some activity by user X, but it does not
> show the action itself.
> When a security incident occurs, I should be able to figure out who
> accesses what and when.
>
> cheers
> yunus
>
>