You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2016/07/08 12:08:11 UTC

[jira] [Commented] (CASSANDRA-10635) Add metrics for authentication failures

    [ https://issues.apache.org/jira/browse/CASSANDRA-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15367587#comment-15367587 ] 

Sam Tunnicliffe commented on CASSANDRA-10635:
---------------------------------------------

I wonder whether meters rather than counters would be more useful here, being able to provide not just an absolute count but rates of auth failure/success. I would imagine that the ability to detect spikes here would provide more actionable signals for operators. 

I'm not wild about tying the metric/mbean names to the message classes. It would be cleaner IMO to grouop them with the existing client metrics (at least in the mbeans). Doing it that way would mean being losing the ability to disambiguate between the counts generated from {{CredentialsMessage}}(protocol v1) and {{AuthResponse}}(later versions), but that's a feature not a bug for me and we should have dedicated metrics for the versions used by connecting clients if they're relevant. 

[~soumava] I've pushed a branch which applies the above changes to your original patch [here|https://github.com/beobal/cassandra/tree/10635-trunk], wdyt?

[~cnlwsu] would be good to get your opinion here too, if you have chance to take a look.

> Add metrics for authentication failures
> ---------------------------------------
>
>                 Key: CASSANDRA-10635
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10635
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Soumava Ghosh
>            Assignee: Soumava Ghosh
>            Priority: Minor
>             Fix For: 3.x
>
>         Attachments: 10635-2.1.txt, 10635-2.2.txt, 10635-3.0.txt, 10635-dtest.patch, 10635-trunk.patch
>
>
> There should be no auth failures on a cluster in general. 
> Having metrics around the authentication code would help detect clients 
> that are connecting to the wrong cluster or have auth incorrectly configured.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)