You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by cd...@apache.org on 2008/05/15 23:31:21 UTC

svn commit: r656852 - in /hadoop/core/trunk: CHANGES.txt conf/log4j.properties src/java/org/apache/hadoop/dfs/FSNamesystem.java

Author: cdouglas
Date: Thu May 15 14:31:21 2008
New Revision: 656852

URL: http://svn.apache.org/viewvc?rev=656852&view=rev
Log:
HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audit logging.


Modified:
    hadoop/core/trunk/CHANGES.txt
    hadoop/core/trunk/conf/log4j.properties
    hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java

Modified: hadoop/core/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/CHANGES.txt?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/CHANGES.txt (original)
+++ hadoop/core/trunk/CHANGES.txt Thu May 15 14:31:21 2008
@@ -91,6 +91,9 @@
     configuration property "mapred.line.input.format.linespermap", which
     defaults to 1. (Amareshwari Sriramadasu via ddas) 
 
+    HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audit
+    logging. (cdouglas)
+
   IMPROVEMENTS
    
     HADOOP-2928. Remove deprecated FileSystem.getContentLength().

Modified: hadoop/core/trunk/conf/log4j.properties
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/conf/log4j.properties?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/conf/log4j.properties (original)
+++ hadoop/core/trunk/conf/log4j.properties Thu May 15 14:31:21 2008
@@ -72,6 +72,12 @@
 #log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} - %m%n
 #log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
 
+#
+# FSNamesystem Audit logging
+# All audit events are logged at INFO level
+#
+log4j.logger.org.apache.hadoop.fs.FSNamesystem.audit=WARN
+
 # Custom Logging levels
 
 #log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG

Modified: hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java (original)
+++ hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java Thu May 15 14:31:21 2008
@@ -34,6 +34,7 @@
 import org.apache.hadoop.net.ScriptBasedMapping;
 import org.apache.hadoop.dfs.LeaseManager.Lease;
 import org.apache.hadoop.fs.ContentSummary;
+import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.*;
 import org.apache.hadoop.ipc.Server;
@@ -68,6 +69,15 @@
  ***************************************************/
 class FSNamesystem implements FSConstants, FSNamesystemMBean {
   public static final Log LOG = LogFactory.getLog("org.apache.hadoop.fs.FSNamesystem");
+  public static final String AUDIT_FORMAT =
+    "ugi=%s\t" +  // ugi
+    "ip=%s\t" +   // remote IP
+    "cmd=%s\t" +  // command
+    "path=%s\t" + // path
+    "perm=%s";    // permissions (optional)
+
+  public static final Log auditLog = LogFactory.getLog(
+      "org.apache.hadoop.fs.FSNamesystem.audit");
 
   private boolean isPermissionEnabled;
   private UserGroupInformation fsOwner;
@@ -625,6 +635,14 @@
     checkOwner(src);
     dir.setPermission(src, permission);
     getEditLog().logSync();
+    if (auditLog.isInfoEnabled()) {
+      final FileStatus stat = dir.getFileInfo(src);
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "setPermission", src, stat.getOwner() + ':' +
+                    stat.getGroup() + ':' + stat.getPermission()));
+    }
   }
 
   /**
@@ -645,6 +663,14 @@
     }
     dir.setOwner(src, username, group);
     getEditLog().logSync();
+    if (auditLog.isInfoEnabled()) {
+      final FileStatus stat = dir.getFileInfo(src);
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "setOwner", src, stat.getOwner() + ':' +
+                    stat.getGroup() + ':' + stat.getPermission()));
+    }
   }
 
   /**
@@ -682,8 +708,15 @@
     if (length < 0) {
       throw new IOException("Negative length is not supported. File: " + src );
     }
-    return getBlockLocationsInternal(dir.getFileINode(src), offset, length,
-        Integer.MAX_VALUE);  
+    final LocatedBlocks ret = getBlockLocationsInternal(dir.getFileINode(src),
+        offset, length, Integer.MAX_VALUE);  
+    if (auditLog.isInfoEnabled()) {
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "open", src, null));
+    }
+    return ret;
   }
 
   private synchronized LocatedBlocks getBlockLocationsInternal(INodeFile inode,
@@ -769,6 +802,12 @@
                                 throws IOException {
     boolean status = setReplicationInternal(src, replication);
     getEditLog().logSync();
+    if (auditLog.isInfoEnabled()) {
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "setReplication", src, null));
+    }
     return status;
   }
 
@@ -850,6 +889,14 @@
     startFileInternal(src, permissions, holder, clientMachine, overwrite,
                       replication, blockSize);
     getEditLog().logSync();
+    if (auditLog.isInfoEnabled()) {
+      final FileStatus stat = dir.getFileInfo(src);
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "create", src, stat.getOwner() + ':' +
+                    stat.getGroup() + ':' + stat.getPermission()));
+    }
   }
 
   private synchronized void startFileInternal(String src,
@@ -1381,6 +1428,12 @@
       }
       boolean status = deleteInternal(src, true, true);
       getEditLog().logSync();
+      if (auditLog.isInfoEnabled()) {
+        auditLog.info(String.format(AUDIT_FORMAT,
+                      UserGroupInformation.getCurrentUGI(),
+                      Server.getRemoteIp(),
+                      "delete", src, null));
+      }
       return status;
     }
     
@@ -1464,6 +1517,14 @@
       ) throws IOException {
     boolean status = mkdirsInternal(src, permissions);
     getEditLog().logSync();
+    if (auditLog.isInfoEnabled()) {
+      final FileStatus stat = dir.getFileInfo(src);
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "mkdirs", src, stat.getOwner() + ':' +
+                    stat.getGroup() + ':' + stat.getPermission()));
+    }
     return status;
   }
     
@@ -1608,6 +1669,12 @@
         checkTraverse(src);
       }
     }
+    if (auditLog.isInfoEnabled()) {
+      auditLog.info(String.format(AUDIT_FORMAT,
+                    UserGroupInformation.getCurrentUGI(),
+                    Server.getRemoteIp(),
+                    "listStatus", src, null));
+    }
     return dir.getListing(src);
   }