cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Ellis (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-12151) Audit logging for database activity
Date Fri, 29 Jul 2016 16:10:20 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399584#comment-15399584
] 

Jonathan Ellis commented on CASSANDRA-12151:
--------------------------------------------

Remember that people almost always use Cassandra to drive applications at scale, not to do
interactive analytics.  I can't see that logging 100,000 ops per second of the same ten queries
is going to add much value.  I don't want to load that gun for people to blow their feet off
with...

Generally auditing is most useful to see "who *changed* what" not "who *asked for* what."
 (Again, the "who" for most of the latter is going to be "the application server.")  And again,
it's not super useful to know that the app server inserted 10,000 new user accounts today,
but it IS useful to know when Jonathan added a new column to the users table.  

(I would also include user logins as an interesting event.  This will be dominated by app
servers still but much much less noise than logging every query or update.)

Besides changes over CQL, this could also include JMX changes, although there are so many
entry points to JMX mbeans that this would be ugly to do by hand.  Perhaps we could inject
this with byteman?

> Audit logging for database activity
> -----------------------------------
>
>                 Key: CASSANDRA-12151
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: stefan setyadi
>             Fix For: 3.x
>
>         Attachments: 12151.txt
>
>
> we would like a way to enable cassandra to log database activity being done on our server.
> It should show username, remote address, timestamp, action type, keyspace, column family,
and the query statement.
> it should also be able to log connection attempt and changes to the user/roles.
> I was thinking of making a new keyspace and insert an entry for every activity that occurs.
> Then It would be possible to query for specific activity or a query targeting a specific
keyspace and column family.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message