accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <josh.el...@gmail.com>
Subject Re: Log4j: Removing Audit messages
Date Mon, 16 Mar 2015 01:39:37 GMT
On the contrary, if you don't have a *.audit file, it's probably getting 
parsed as the audit file wasn't made.

log4j.properties is only used for "client" applications -- not the 
server processes.

Server processes configure their logging by first looking for a 
%s_logger.xml and then %s_logger.properties file where %s is the name of 
the process (e.g. tserver, gc).

Generally, there should be the following in your generic_logger.xml:

<logger name="Audit">
   <level value="OFF"/>
</logger>

or in generic_logger.properties (if you remove *_logger.xml):

log4j.logger.Audit=OFF

These should probably be in the templates/examples that we provide. It 
doesn't appear that they presently are.

Dylan Hutchison wrote:
> Yes, here are the contents of conf/auditLog.xml:
>
>     <appender name="Audit"
>     class="org.apache.log4j.DailyRollingFileAppender">
>     <param name="File"
>     value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
>     <param name="MaxBackupIndex" value="10"/>
>     <param name="DatePattern" value="'.'yyyy-MM-dd"/>
>     <layout class="org.apache.log4j.PatternLayout">
>     <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z}
>     [%c{2}] %-5p: %m%n"/>
>     </layout>
>     </appender>
>     <logger name="Audit"  additivity="false">
>     <appender-ref ref="Audit" />
>     <level value="*OFF*"/>
>     </logger>
>
>
> I don't think this file is parsed because if the level were truly OFF,
> then I wouldn't see any audit messages.
>
> On Sun, Mar 15, 2015 at 9:03 PM, Billie Rinaldi
> <billie.rinaldi@gmail.com <mailto:billie.rinaldi@gmail.com>> wrote:
>
>     Do you have an auditLog.xml?
>
>     On Mar 15, 2015 8:58 PM, "Dylan Hutchison" <dhutchis@mit.edu
>     <mailto:dhutchis@mit.edu>> wrote:
>
>         Hi there,
>
>         I'd like to stop appending INFO-level AUDIT log messages to the
>         regular and debug tserver log files. Here is an example log:
>
>             2015-03-15 20:39:26,970 [Audit   ] INFO : operation:
>             permitted; user: root; client: 127.0.0.1:41256
>             <http://127.0.0.1:41256>;
>
>
>         I'm confused how log4j is setup (see ACCUMULO-3546
>         <https://issues.apache.org/jira/browse/ACCUMULO-3546>).  I tried
>         appending variants of
>
>             log4j.logger.Audit=WARN
>
>
>         to $ACCUMULO_HOME/conf/log4j.properties, but no luck.  There is
>         also the generic_logger.xml and generic_logger.properties.
>
>         This line of code
>         from org.apache.accumulo.server.security.AuditedSecurityOperation is
>         relevant:
>
>
>             public static final String AUDITLOG = "Audit";
>             public static final Logger audit = Logger.getLogger(AUDITLOG);
>
>
>         I want to stop this logger.
>
>         Regards,
>         Dylan Hutchison
>
>

Mime
View raw message