You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Anuj Wadehra (JIRA)" <ji...@apache.org> on 2018/03/01 04:41:00 UTC
[jira] [Commented] (CASSANDRA-12151) Audit logging for database
activity
[ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16381505#comment-16381505 ]
Anuj Wadehra commented on CASSANDRA-12151:
------------------------------------------
[~vinaykumarcse] I have gone through your patch.
Some high level review comments on the patch:
# Why do you think logging CL is required? Is CL adding any value for the auditor?
# Don’t you think we should have separate configuration file for auditing rather than cassandra.yaml? —there are applications with considerable number of tables. As per the proposed design, user shall be able to individually specify tables which must be audited and this would clutter the cassandra.yaml file.
# Logging every statement in a Batch separately may have significant performance hit. Can we just log once per Batch and make sure that all operations in the batch are included in that one log statement?
# Are you planning to evaluate and implement a Chronicle Queue variant similar to CASSANDRA-13983?
The patch lacks following features from the design document:
# Configuration of whitelisted/application users and separate auditing configuration for that.
# Configuration of tables to be audited with/without regular expressions e.g. ks1.*,*.table1 etc.
# Auditing bind values of prepared statements and its configuration
# Password Obfuscation for DCL Queries
[~jasobrown] [~vinaykumarcse] We can develop auditing feature (Cassandra code) incrementally. In the first iteration, [~vinaykumarcse] can contribute his patch and then our team shall contribute the remaining 4 features. We are already developing an auditing plugin for Cassandra which aligns with the proposed design and we can port these remaining features from the plugin to the main Cassandra code.
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt, DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done on our server.
> It should show username, remote address, timestamp, action type, keyspace, column family, and the query statement.
> it should also be able to log connection attempt and changes to the user/roles.
> I was thinking of making a new keyspace and insert an entry for every activity that occurs.
> Then It would be possible to query for specific activity or a query targeting a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org