You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by Ajay <aj...@gmail.com> on 2015/01/08 13:34:57 UTC
User audit in Cassandra
Hi,
Is there a way to enable user audit or trace if we have enabled
PasswordAuthenticator in cassandra.yaml and set up the users as well. I
noticed there are keyspaces system_auth and system_trace. But there is no
way to find out which user initiated which session. Is there anyway to find
out?. Also is it recommended to enable system_trace in production or to
know how many sessions started by a user?
Thanks
Ajay
Re: User audit in Cassandra
Posted by DuyHai Doan <do...@gmail.com>.
What you want is something like audit logger like the one provided by DSE ?
(
http://www.datastax.com/2014/12/enhanced-enterprise-security-in-datastax-enterprise-4-6
)
On Thu, Jan 8, 2015 at 1:34 PM, Ajay <aj...@gmail.com> wrote:
> Hi,
>
> Is there a way to enable user audit or trace if we have enabled
> PasswordAuthenticator in cassandra.yaml and set up the users as well. I
> noticed there are keyspaces system_auth and system_trace. But there is no
> way to find out which user initiated which session. Is there anyway to find
> out?. Also is it recommended to enable system_trace in production or to
> know how many sessions started by a user?
>
> Thanks
> Ajay
>
Re: User audit in Cassandra
Posted by Ajay <aj...@gmail.com>.
Thanks Tyler Hobbs.
We need to capture what are the queries ran by a user in a session and its
time taken. (don't need query plan or so). Is that possible? With
Authenticator we can capture only the session creation right?
Thanks
Ajay
On Sat, Jan 10, 2015 at 6:07 AM, Tyler Hobbs <ty...@datastax.com> wrote:
> system_traces is for query tracing, which is for diagnosing performance
> problems, not logging activity.
>
> Cassandra is designed to allow you to write your own Authenticator pretty
> easily. You can just subclass PasswordAuthenticator and add logging where
> desired. Compile that into a jar, put it in the lib/ directory for
> Cassandra, and change cassandra.yaml to use that class.
>
> On Thu, Jan 8, 2015 at 6:34 AM, Ajay <aj...@gmail.com> wrote:
>
>> Hi,
>>
>> Is there a way to enable user audit or trace if we have enabled
>> PasswordAuthenticator in cassandra.yaml and set up the users as well. I
>> noticed there are keyspaces system_auth and system_trace. But there is no
>> way to find out which user initiated which session. Is there anyway to find
>> out?. Also is it recommended to enable system_trace in production or to
>> know how many sessions started by a user?
>>
>> Thanks
>> Ajay
>>
>
>
>
> --
> Tyler Hobbs
> DataStax <http://datastax.com/>
>
Re: User audit in Cassandra
Posted by Tyler Hobbs <ty...@datastax.com>.
system_traces is for query tracing, which is for diagnosing performance
problems, not logging activity.
Cassandra is designed to allow you to write your own Authenticator pretty
easily. You can just subclass PasswordAuthenticator and add logging where
desired. Compile that into a jar, put it in the lib/ directory for
Cassandra, and change cassandra.yaml to use that class.
On Thu, Jan 8, 2015 at 6:34 AM, Ajay <aj...@gmail.com> wrote:
> Hi,
>
> Is there a way to enable user audit or trace if we have enabled
> PasswordAuthenticator in cassandra.yaml and set up the users as well. I
> noticed there are keyspaces system_auth and system_trace. But there is no
> way to find out which user initiated which session. Is there anyway to find
> out?. Also is it recommended to enable system_trace in production or to
> know how many sessions started by a user?
>
> Thanks
> Ajay
>
--
Tyler Hobbs
DataStax <http://datastax.com/>