cassandra-commits mailing list archives

From "Adam Holmberg (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-7422) Logging for Authentication and Authorization
Date Fri, 20 Jun 2014 15:42:24 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-7422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Holmberg updated CASSANDRA-7422:
-------------------------------------

    Attachment: auth_logging_remote_host.patch.201406666201020

auth_logging_remote_host.patch.201406666201020
Possible generalized solution that tags ClientState with remote host, and logs authentication
and authorization changes.

Logging enabled by changing log level for the affected classes:
{noformat}
log4j.logger.org.apache.cassandra.auth.AbstractAuthorizer=TRACE
log4j.logger.org.apache.cassandra.service.ClientState=TRACE
{noformat}

Emits messages like this:
{noformat}
TRACE 14:06:14,606 "cassandra" authenticated from /127.0.0.1:53264
TRACE 14:06:49,243 "cassandra" (/127.0.0.1:53264) REVOKES [CREATE, ALTER, DROP, SELECT, MODIFY, AUTHORIZE] on data from "user"
TRACE 14:07:01,540 "cassandra" (/127.0.0.1:53264) GRANTS [SELECT] on data/system_traces/events to "user"
TRACE 14:07:08,263 "cassandra" (/127.0.0.1:53264) REVOKES ALL from "user" (user drop)
{noformat}

I welcome any feedback.

> Logging for Authentication and Authorization
> --------------------------------------------
>
>                 Key: CASSANDRA-7422
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7422
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Adam Holmberg
>            Priority: Trivial
>             Fix For: 1.2.17
>
>         Attachments: auth_logging_remote_host.patch.201406666201020
>
>
> We would like to enable Cassandra to log authentication and authorization change events.
> This facilitates audits on access to certain data. As a side effect it would also make
> it easier to notice ill-behaved clients connecting repeatedly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
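
The following is an added example, not part of the original message or the attached patch: a parser that turns the TRACE lines quoted above into structured audit events and flags accounts that authenticate repeatedly from one host, the two uses the issue description names. It assumes the line format stays exactly as quoted; the `threshold` value and the "app" logins in the sample are constructed for illustration.

```python
import re
from collections import Counter

# Line shapes follow the sample output quoted in the message (assumed stable).
AUTH_RE = re.compile(
    r'^TRACE (?P<time>\S+) "(?P<user>[^"]*)" authenticated from '
    r'/(?P<host>\S+):(?P<port>\d+)$')
PERM_RE = re.compile(
    r'^TRACE (?P<time>\S+) "(?P<user>[^"]*)" '
    r'\(/(?P<host>[^)\s]+):(?P<port>\d+)\) (?P<verb>GRANTS|REVOKES) '
    r'(?:\[(?P<perms>[^\]]*)\]|(?P<all>ALL))'
    r'(?: on (?P<resource>\S+))? (?:to|from) "(?P<target>[^"]*)"')

def parse_line(line):
    """Return a dict for a recognised audit line, None for anything else."""
    line = line.strip()
    m = AUTH_RE.match(line)
    if m:
        return {"event": "authenticated", **m.groupdict()}
    m = PERM_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    all_, perms = d.pop("all"), d.pop("perms")
    d["perms"] = ["ALL"] if all_ else [p.strip() for p in perms.split(",")]
    return {"event": d.pop("verb").lower(), **d}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def repeated_logins(events, threshold=3):
    """(user, host) pairs that authenticated at least `threshold` times."""
    counts = Counter((e["user"], e["host"]) for e in events
                     if e["event"] == "authenticated")
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed sample: the four lines from the message plus invented "app" logins.
SAMPLE = '''\
INFO 14:05:59,000 unrelated line that the parser must skip
TRACE 14:06:14,606 "cassandra" authenticated from /127.0.0.1:53264
TRACE 14:06:49,243 "cassandra" (/127.0.0.1:53264) REVOKES [CREATE, ALTER, DROP, SELECT, MODIFY, AUTHORIZE] on data from "user"
TRACE 14:07:01,540 "cassandra" (/127.0.0.1:53264) GRANTS [SELECT] on data/system_traces/events to "user"
TRACE 14:07:08,263 "cassandra" (/127.0.0.1:53264) REVOKES ALL from "user" (user drop)
TRACE 14:07:10,001 "app" authenticated from /10.0.0.5:40001
TRACE 14:07:10,412 "app" authenticated from /10.0.0.5:40002
TRACE 14:07:10,850 "app" authenticated from /10.0.0.5:40003
'''

if __name__ == "__main__":
    events = parse_log(SAMPLE)
    for e in events:
        print(e)
    print("repeated:", repeated_logins(events))
```

The host and port are split on the last colon, so an IPv6 remote address printed in the same `/host:port` form still parses.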
