You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by qi...@apache.org on 2020/06/16 08:02:48 UTC
[incubator-iotdb] 02/02: add audit log
This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch add_audit_log
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
commit 795a75fcf2aa8f534ab13069ec3334f02edaddf4
Author: qiaojialin <64...@qq.com>
AuthorDate: Tue Jun 16 16:02:41 2020 +0800
add audit log
---
server/src/assembly/resources/conf/logback.xml | 21 ++++++++++++++
.../org/apache/iotdb/db/conf/IoTDBConstant.java | 2 ++
.../org/apache/iotdb/db/service/TSServiceImpl.java | 32 ++++++++++++++--------
3 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/server/src/assembly/resources/conf/logback.xml b/server/src/assembly/resources/conf/logback.xml
index fc8a179..7121876 100644
--- a/server/src/assembly/resources/conf/logback.xml
+++ b/server/src/assembly/resources/conf/logback.xml
@@ -170,6 +170,24 @@
<level>INFO</level>
</filter>
</appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT">
+ <file>${IOTDB_HOME}/logs/log_audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${IOTDB_HOME}/logs/log-audit-%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>50MB</maxFileSize>
+ <maxBackupIndex>50</maxBackupIndex>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ <append>true</append>
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <pattern>%d [%t] %-5p %C:%L - %m %n</pattern>
+ <charset>utf-8</charset>
+ </encoder>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ </appender>
<root level="info">
<appender-ref ref="FILEDEBUG"/>
<appender-ref ref="FILEWARN"/>
@@ -183,4 +201,7 @@
<logger level="info" name="org.apache.iotdb.db.sync">
<appender-ref ref="SYNC"/>
</logger>
+ <logger level="info" name="IoTDB_AUDIT_LOGGER">
+ <appender-ref ref="AUDIT"/>
+ </logger>
</configuration>
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
index 836afbd..2373f0d 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
@@ -28,6 +28,8 @@ public class IoTDBConstant {
public static final String GLOBAL_DB_NAME = "IoTDB";
public static final String VERSION = "0.10.0-SNAPSHOT";
+ public static final String AUDIT_LOGGER_NAME = "IoTDB_AUDIT_LOGGER";
+
public static final String IOTDB_JMX_PORT = "iotdb.jmx.port";
public static final String IOTDB_PACKAGE = "org.apache.iotdb.service";
diff --git a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
index 11e3ac3..114a521 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
@@ -118,6 +118,7 @@ import org.slf4j.LoggerFactory;
*/
public class TSServiceImpl implements TSIService.Iface, ServerContext {
+ private static final Logger auditLogger = LoggerFactory.getLogger(IoTDBConstant.AUDIT_LOGGER_NAME);
private static final Logger logger = LoggerFactory.getLogger(TSServiceImpl.class);
private static final String INFO_NOT_LOGIN = "{}: Not login.";
private static final int MAX_SIZE =
@@ -162,11 +163,6 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
@Override
public TSOpenSessionResp openSession(TSOpenSessionReq req) throws TException {
- logger.info(
- "{}: receive open session request from username {}",
- IoTDBConstant.GLOBAL_DB_NAME,
- req.getUsername());
-
boolean status;
IAuthorizer authorizer;
try {
@@ -206,6 +202,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
tsStatus = RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD_ERROR);
tsStatus.setMessage(loginMessage);
}
+ auditLogger.info("User {} opens Session-{}", req.getUsername(), sessionId);
TSOpenSessionResp resp = new TSOpenSessionResp(tsStatus,
TSProtocolVersion.IOTDB_SERVICE_PROTOCOL_V2);
resp.setSessionId(sessionId);
@@ -222,8 +219,8 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
@Override
public TSStatus closeSession(TSCloseSessionReq req) {
- logger.info("{}: receive close session", IoTDBConstant.GLOBAL_DB_NAME);
- long sessionId = currSessionId.get();
+ long sessionId = req.getSessionId();
+ auditLogger.info("Session-{} is closing", sessionId);
currSessionId.remove();
TSStatus tsStatus;
@@ -249,6 +246,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
}
}
}
+
if (!exceptions.isEmpty()) {
return new TSStatus(
RpcUtils.getStatus(
@@ -268,11 +266,12 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
@Override
public TSStatus closeOperation(TSCloseOperationReq req) {
- if (logger.isDebugEnabled()) {
- logger.debug("{}: receive close operation", IoTDBConstant.GLOBAL_DB_NAME);
- }
+ if (auditLogger.isDebugEnabled()) {
+ auditLogger.debug("{}: receive close operation from Session {}", IoTDBConstant.GLOBAL_DB_NAME,
+ currSessionId.get());
+ }
if (!checkLogin(req.getSessionId())) {
- logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME);
+ auditLogger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME);
return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR);
}
try {
@@ -526,6 +525,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
*/
private TSExecuteStatementResp internalExecuteQueryStatement(String statement,
long statementId, PhysicalPlan plan, int fetchSize, String username) {
+ auditLogger.info("Session {} execute Query: {}", currSessionId.get(), statement);
long startTime = System.currentTimeMillis();
long queryId = -1;
try {
@@ -1061,6 +1061,10 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
@Override
public TSExecuteBatchStatementResp insertRecords(TSInsertRecordsReq req) {
TSExecuteBatchStatementResp resp = new TSExecuteBatchStatementResp();
+ auditLogger
+ .debug("Session {} insertRecords, first device {}, first time {}", currSessionId.get(),
+ req.deviceIds.get(0), req.getTimestamps().get(0));
+
if (!checkLogin(req.getSessionId())) {
logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME);
resp.addToStatusList(RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR));
@@ -1119,6 +1123,9 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
@Override
public TSStatus insertRecord(TSInsertRecordReq req) {
try {
+ auditLogger
+ .info("Session {} insertRecord, device {}, time {}", currSessionId.get(),
+ req.getDeviceId(), req.getTimestamp());
if (!checkLogin(req.getSessionId())) {
logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME);
return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR);
@@ -1315,6 +1322,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR);
}
+ auditLogger.info("Session-{} create timeseries {}", currSessionId.get(), req.getPath());
TSStatus status = checkPathValidity(req.path);
if (status != null) {
return status;
@@ -1337,6 +1345,8 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext {
logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME);
return RpcUtils.getTSBatchExecuteStatementResp(TSStatusCode.NOT_LOGIN_ERROR);
}
+ auditLogger.info("Session-{} create multi timeseries, first is {}", currSessionId.get(),
+ req.getPaths().get(0));
List<TSStatus> statusList = new ArrayList<>(req.paths.size());
for (int i = 0; i < req.paths.size(); i++) {
CreateTimeSeriesPlan plan = new CreateTimeSeriesPlan(new Path(req.getPaths().get(i)),