accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3946) Not all accumulo events are audited for Audit logging
Date Mon, 17 Aug 2015 16:53:46 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699811#comment-14699811
] 

Josh Elser commented on ACCUMULO-3946:
--------------------------------------

{code}
+    private void trace(String format, Object... args) {
+      log.warn(String.format("Log level is set to %s", log.getLevel()));
+      if (!log.isTraceEnabled())
+        return;
+      log.trace(String.format(format, args));
+    }
{code}

You probably didn't mean to include that {{log.warn}}

{code}
+  public boolean canCreateTable(TCredentials c) throws ThriftSecurityException {
+    try {
+      boolean result = super.canCreateTable(c);
+      if (result)
+        audit(c, "create table allowed");
+      else
+        audit(c, "create table denied");
+      return result;
+    } catch (ThriftSecurityException ex) {
+      audit(c, ex, "create table denied");
+      throw ex;
+    }
+  }
{code}

Probably want to extract the principal (username) out of the TCredentials object and include
that in the audit call to keep parity with the other audits. This is just one instance, I
think most of your additions would benefit from this change.

Actually with the above recommended change, you don't need to make any changes to Master.
All of the auditing is kept in AuditedSecurityOperation (as it should be).

> Not all accumulo events are audited for Audit logging
> -----------------------------------------------------
>
>                 Key: ACCUMULO-3946
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3946
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Assignee: James Mello
>             Fix For: 1.5.4
>
>         Attachments: ACCUMULO-3946.patch
>
>
> Currently accumulo does not log all the major events such as table creation and permissions
changes. Please modify the existing logging to include missing auditing. Note this is related
to ticket ACCUMUO-3939.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message