Posted to user@hbase.apache.org by Subash Kunjupillai <su...@ericsson.com> on 2018/02/26 07:58:57 UTC

Hbase Audit Logs

Hi,

I've enabled HBase authorization by adding the properties below to
hbase-site.xml, and the log4j security audit appender is configured as below.


*hbase-site.xml*

<property>
     <name>hbase.security.authorization</name>
     <value>true</value>
</property>
<property>
     <name>hbase.coprocessor.master.classes</name>
     <value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
     <name>hbase.coprocessor.region.classes</name>
     <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>

*log4j.properties*

hbase.security.log.file=SecurityAuth.audit
hbase.security.log.maxfilesize=256MB
hbase.security.log.maxbackupindex=20
log4j.appender.RFAS=org.apache.log4j.RollingFileAppender
log4j.appender.RFAS.File=${hbase.log.dir}/${hbase.security.log.file}
log4j.appender.RFAS.MaxFileSize=${hbase.security.log.maxfilesize}
log4j.appender.RFAS.MaxBackupIndex=${hbase.security.log.maxbackupindex}
log4j.appender.RFAS.layout=org.apache.log4j.PatternLayout
log4j.appender.RFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
log4j.category.SecurityLogger=${hbase.security.logger}
log4j.additivity.SecurityLogger=false
log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=INFO
log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.visibility.VisibilityController=INFO

I'm able to see the logs being written to SecurityAuth.audit. But my
question is, what configurations should be done to get audit details in log
for operations like put, get, delete, table create.



--
Sent from: http://apache-hbase.679495.n3.nabble.com/HBase-User-f4020416.html

RE: Hbase Audit Logs

Posted by Subash Kunjupillai <su...@ericsson.com>.
Hi,

@Ashish : Thanks, it worked for me after changing the logging level to
TRACE.

@Nikolai : Thanks, got it :)

Regards,
Subash Kunjupillai




RE: Hbase Audit Logs

Posted by "Koustov, Nikolai" <Ko...@DNB.com.INVALID>.
Hi,

Also note that the table level audit logging is configured/visible at the Region server not the Master.
The audit logs on the Master will only show the actions performed at the metadata level (create table etc.).

Regards,
Nikolai.

-----Original Message-----
From: ashish singhi [mailto:ashish.singhi@huawei.com] 
Sent: 26 February 2018 08:27
To: user@hbase.apache.org
Subject: RE: Hbase Audit Logs

Hi,

You need to enable TRACE level logging for AccessController.

Change log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=INFO to log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=TRACE

Regards,
Ashish


RE: Hbase Audit Logs

Posted by ashish singhi <as...@huawei.com>.
Hi,

You need to enable TRACE level logging for AccessController.

Change log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=INFO to log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=TRACE

Regards,
Ashish

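A check for the configuration discussed in this thread, as an added example (not code from the posters or from HBase): it parses a log4j.properties and reports why per-operation audit entries would be missing. The function names and the `sysprops` argument, which stands in for `-D` JVM options, are assumptions; the thread does not show where `hbase.security.logger` is set.

```python
import re

# Logger key from the thread; its level gates the per-operation audit entries.
AC_KEY = ("log4j.logger.SecurityLogger."
          "org.apache.hadoop.hbase.security.access.AccessController")

# Constructed sample: a subset of the log4j.properties posted in the thread.
SAMPLE = """\
log4j.appender.RFAS=org.apache.log4j.RollingFileAppender
log4j.category.SecurityLogger=${hbase.security.logger}
log4j.additivity.SecurityLogger=false
""" + AC_KEY + "=INFO\n"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def resolve(value, props, sysprops):
    """Expand ${name}: JVM system properties first, then the file (log4j 1.x order)."""
    def sub(match):
        name = match.group(1)
        return resolve(sysprops.get(name, props.get(name, "")), props, sysprops)
    return re.sub(r"\$\{([^}]+)\}", sub, value)

def audit_findings(text, sysprops=None):
    """Return reasons why put/get/delete audit entries would not be written."""
    props, sysprops, findings = parse_properties(text), sysprops or {}, []
    # log4j.category.SecurityLogger has the form "<level>,<appender>[,<appender>...]"
    parent = resolve(props.get("log4j.category.SecurityLogger", ""), props, sysprops)
    parts = [p.strip() for p in parent.split(",") if p.strip()]
    if len(parts) < 2:
        findings.append("SecurityLogger has no appender attached")
    for name in parts[1:]:
        if "log4j.appender." + name not in props:
            findings.append("appender %s is not defined" % name)
    inherited = parts[0] if parts else "UNSET"
    level = resolve(props.get(AC_KEY, inherited), props, sysprops).split(",")[0].strip().upper()
    if level != "TRACE":
        findings.append("AccessController audit logger is %s, needs TRACE" % level)
    return findings
```

Per the thread, table-level operations are audited on the Region server, so that is the node whose log4j.properties to check; pass the value the daemon is started with for `hbase.security.logger` (for example `{"hbase.security.logger": "INFO,RFAS"}`, an assumed value) as `sysprops`.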