accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Mello (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Tue, 21 Jul 2015 13:19:04 GMT


James Mello commented on ACCUMULO-3939:

There is no auditLog.xml in the 1.5.0 version or the 1.5.3 version I'm running. Instead I
set the logging level in the generic_logger.xml to ALL for the following:

  <appender name="AUDIT" class="org.apache.log4j.RollingFileAppender">
     <param name="File"           value="${org.apache.accumulo.core.dir.log}/audit.log"/>
     <param name="MaxFileSize"    value="1000MB"/>
     <param name="MaxBackupIndex" value="10"/>
     <param name="Threshold"      value="ALL"/>
     <layout class="org.apache.log4j.PatternLayout">
       <param name="ConversionPattern" value="%d{ISO8601} [%-8c{2}] %-5p: %m%n"/>

  <logger name="">
     <level value="ALL"/>
        <appender-ref ref="AUDIT" />

I didn't get any messages for any of the security packages with this configuration.

The full configuration is attached

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>                 Key: ACCUMULO-3939
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
> While reading the source I found out that the AuditedSecurityOperation is never initialized
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn
just calls the SecurityOperation getInstance() method. Because this is called in a static
manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation
class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation
> This is critical as we are in need of this security auditing to meet Information Assurance
requirements for an upcoming major release of our software.

This message was sent by Atlassian JIRA

View raw message