You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by cd...@apache.org on 2008/05/15 23:31:21 UTC
svn commit: r656852 - in /hadoop/core/trunk: CHANGES.txt
conf/log4j.properties src/java/org/apache/hadoop/dfs/FSNamesystem.java
Author: cdouglas
Date: Thu May 15 14:31:21 2008
New Revision: 656852
URL: http://svn.apache.org/viewvc?rev=656852&view=rev
Log:
HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audit logging.
Modified:
hadoop/core/trunk/CHANGES.txt
hadoop/core/trunk/conf/log4j.properties
hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
Modified: hadoop/core/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/CHANGES.txt?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/CHANGES.txt (original)
+++ hadoop/core/trunk/CHANGES.txt Thu May 15 14:31:21 2008
@@ -91,6 +91,9 @@
configuration property "mapred.line.input.format.linespermap", which
defaults to 1. (Amareshwari Sriramadasu via ddas)
+ HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audit
+ logging. (cdouglas)
+
IMPROVEMENTS
HADOOP-2928. Remove deprecated FileSystem.getContentLength().
Modified: hadoop/core/trunk/conf/log4j.properties
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/conf/log4j.properties?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/conf/log4j.properties (original)
+++ hadoop/core/trunk/conf/log4j.properties Thu May 15 14:31:21 2008
@@ -72,6 +72,12 @@
#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} - %m%n
#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
+#
+# FSNamesystem Audit logging
+# All audit events are logged at INFO level
+#
+log4j.logger.org.apache.hadoop.fs.FSNamesystem.audit=WARN
+
# Custom Logging levels
#log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG
Modified: hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
URL: http://svn.apache.org/viewvc/hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java?rev=656852&r1=656851&r2=656852&view=diff
==============================================================================
--- hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java (original)
+++ hadoop/core/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java Thu May 15 14:31:21 2008
@@ -34,6 +34,7 @@
import org.apache.hadoop.net.ScriptBasedMapping;
import org.apache.hadoop.dfs.LeaseManager.Lease;
import org.apache.hadoop.fs.ContentSummary;
+import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.*;
import org.apache.hadoop.ipc.Server;
@@ -68,6 +69,15 @@
***************************************************/
class FSNamesystem implements FSConstants, FSNamesystemMBean {
public static final Log LOG = LogFactory.getLog("org.apache.hadoop.fs.FSNamesystem");
+ public static final String AUDIT_FORMAT =
+ "ugi=%s\t" + // ugi
+ "ip=%s\t" + // remote IP
+ "cmd=%s\t" + // command
+ "path=%s\t" + // path
+ "perm=%s"; // permissions (optional)
+
+ public static final Log auditLog = LogFactory.getLog(
+ "org.apache.hadoop.fs.FSNamesystem.audit");
private boolean isPermissionEnabled;
private UserGroupInformation fsOwner;
@@ -625,6 +635,14 @@
checkOwner(src);
dir.setPermission(src, permission);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setPermission", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
/**
@@ -645,6 +663,14 @@
}
dir.setOwner(src, username, group);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setOwner", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
/**
@@ -682,8 +708,15 @@
if (length < 0) {
throw new IOException("Negative length is not supported. File: " + src );
}
- return getBlockLocationsInternal(dir.getFileINode(src), offset, length,
- Integer.MAX_VALUE);
+ final LocatedBlocks ret = getBlockLocationsInternal(dir.getFileINode(src),
+ offset, length, Integer.MAX_VALUE);
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "open", src, null));
+ }
+ return ret;
}
private synchronized LocatedBlocks getBlockLocationsInternal(INodeFile inode,
@@ -769,6 +802,12 @@
throws IOException {
boolean status = setReplicationInternal(src, replication);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setReplication", src, null));
+ }
return status;
}
@@ -850,6 +889,14 @@
startFileInternal(src, permissions, holder, clientMachine, overwrite,
replication, blockSize);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "create", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
private synchronized void startFileInternal(String src,
@@ -1381,6 +1428,12 @@
}
boolean status = deleteInternal(src, true, true);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "delete", src, null));
+ }
return status;
}
@@ -1464,6 +1517,14 @@
) throws IOException {
boolean status = mkdirsInternal(src, permissions);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "mkdirs", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
return status;
}
@@ -1608,6 +1669,12 @@
checkTraverse(src);
}
}
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "listStatus", src, null));
+ }
return dir.getListing(src);
}