cassandra-commits mailing list archives

From "Vinay Chella (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-12151) Audit logging for database activity
Date Tue, 27 Feb 2018 16:49:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16377534#comment-16377534 ]

Vinay Chella edited comment on CASSANDRA-12151 at 2/27/18 4:48 PM:
-------------------------------------------------------------------

Hi [~eanujwa]  [~jasobrown],

I’m excited to see the design document and it looks good to us!

Netflix had a similar requirement recently for our internal 2.1 clusters and we implemented
a simple version (no query categories, etc…) for SOX auditing. As your design is very close
to what we implemented, just a few differently named classes for the most part, can we work
together on the trunk [patchset|https://github.com/vinaykumarchella/cassandra/pull/2] to add
the missing components from your design? Alternatively, we could take an incremental approach,
review what we have on the trunk branch of the simple version and get it committed and then
add in some of the more advanced features next. I believe this patch follows the design goals
that you put together.

Please review and let me know if you have any questions or concerns about the first iteration.
If folks are interested in the 3.x/2.x branches I can put those up on my GitHub as well.

[~jhb]
{quote}I just have one question, do you think enabling/updating/disabling audit require a
node restart?
{quote}
The posted patch allows online auditlog enable/disable via JMX.

[~jjordan]
{quote}You should take a look at the infrastructure added in CASSANDRA-13983 for query logging
{quote}
Yes, we looked and that certainly looks interesting, perhaps this design allows us to use
it as another implementation of {{IAuditLogger}}?

Here is the patch location:

||[trunk|https://github.com/vinaykumarchella/cassandra]||
|[PR for Trunk|https://github.com/vinaykumarchella/cassandra/pull/2]|






was (Author: vinaykumarcse):
Hi [~eanujwa]  [~jasobrown],

I’m excited to see the design document and it looks good to us!

Netflix had a similar requirement recently for our internal 2.1 clusters and we implemented
a simple version (no query categories, etc…) for SOX auditing. As your design is very close
to what we implemented, just a few differently named classes for the most part, can we work
together on the trunk [patchset|https://github.com/vinaykumarchella/cassandra/pull/2] to add
the missing components from your design? Alternatively, we could take an incremental approach,
review what we have on the trunk branch of the simple version and get it committed and then
add in some of the more advanced features next. I believe this patch follows the design goals
that you put together.

Please review and let me know if you have any questions or concerns about the first iteration.
If folks are interested in the 3.x/2.x branches I can put those up on my GitHub as well.

[~jhb]
{quote}I just have one question, do you think enabling/updating/disabling audit require a
node restart?
{quote}
The posted patch allows online auditlog enable/disable via JMX.

[~jjordan]
{quote}You should take a look at the infrastructure added in CASSANDRA-13983 for query logging
{quote}
Yes, we looked and that certainly looks interesting, perhaps this design allows us to use
it as another implementation of {{IAuditLogger}}?

> Audit logging for database activity
> -----------------------------------
>
>                 Key: CASSANDRA-12151
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: stefan setyadi
>            Assignee: Anuj Wadehra
>            Priority: Major
>             Fix For: 4.x
>
>         Attachments: 12151.txt, DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> We would like a way to enable Cassandra to log database activity being done on our server.
> It should show username, remote address, timestamp, action type, keyspace, column family, and the query statement.
> It should also be able to log connection attempts and changes to the user/roles.
> I was thinking of making a new keyspace and inserting an entry for every activity that occurs.
> Then it would be possible to query for specific activity or a query targeting a specific keyspace and column family.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
