From commits-return-208651-archive-asf-public=cust-asf.ponee.io@cassandra.apache.org Mon Apr 9 23:11:06 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 2F4C818067B for ; Mon, 9 Apr 2018 23:11:06 +0200 (CEST) Received: (qmail 53884 invoked by uid 500); 9 Apr 2018 21:11:04 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 53746 invoked by uid 99); 9 Apr 2018 21:11:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Apr 2018 21:11:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 05FF918065E for ; Mon, 9 Apr 2018 21:11:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -110.311 X-Spam-Level: X-Spam-Status: No, score=-110.311 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id OlG3jrlL8DQr for ; Mon, 9 Apr 2018 21:11:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id A8D0A5FB95 for ; Mon, 9 Apr 2018 21:11:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 1C9AFE0B9E for ; Mon, 9 Apr 2018 21:11:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 76FF6241C8 for ; Mon, 9 Apr 2018 21:11:00 +0000 (UTC) Date: Mon, 9 Apr 2018 21:11:00 +0000 (UTC) From: "Ariel Weisberg (JIRA)" To: commits@cassandra.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CASSANDRA-12151) Audit logging for database activity MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16431296#comment-16431296 ] Ariel Weisberg commented on CASSANDRA-12151: -------------------------------------------- Adding a way for clients to subscribe to events is great, but there are couple of questions that brings up. How does backpressure work? We have to have a convincing story for what happens so that slow or unavailable clients can't consume unbounded memory. The other nice to have is what happens if a client disconnects and reconnects? Can it get the events that it missed? This ties into being able to consume on disk artifacts like the BinLog. Do the diagnostic events have enough information in them that you can tell where in the stream of events for a particular node you are? Just enough to facilitate at least once delivery with duplicates dropped. Are diagnostic events always really going to be used for diagnostic purposes? I'm just questioning the name. Maybe it should just be SUBSCRIBE and maybe only some of the more problematic things should be locked behind config options. And then we have to think about what happens with large numbers of subscribers although for V1 it could just be a sharp edge. In terms of using the BinLog as more of a store of record. We need to figure out how crashes and restarts are going to be handled. I don't recall exactly what happens, but I suspect that chronicle is just going to leave behind the old files and start a new one for appending so we need to come back and process the old files on startup. I think specifying a shell script is probably OK although if someone specifies the script we should run it immediately once Chronicle rolls the file. Also if the script is specified we probably shouldn't delete artifacts. As these things start to get more complex how are we going to change the YAML and fqltool to be the ri Also this entire change set is starting to get really large. * Generating whole new classes of events, multiple targets for logging * Modifications to the existing BinLog to add new capabilities like using it as a store of record, running a users provided script * Wire protocol changes and a new way to subscribe to have the server push stuff Would be nice to discuss and review these in more isolation. GL Dinesh! > Audit logging for database activity > ----------------------------------- > > Key: CASSANDRA-12151 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12151 > Project: Cassandra > Issue Type: New Feature > Reporter: stefan setyadi > Assignee: Vinay Chella > Priority: Major > Fix For: 4.x > > Attachments: 12151.txt, CASSANDRA_12151-benchmark.html, DesignProposal_AuditingFeature_ApacheCassandra_v1.docx > > > we would like a way to enable cassandra to log database activity being done on our server. > It should show username, remote address, timestamp, action type, keyspace, column family, and the query statement. > it should also be able to log connection attempt and changes to the user/roles. > I was thinking of making a new keyspace and insert an entry for every activity that occurs. > Then It would be possible to query for specific activity or a query targeting a specific keyspace and column family. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org For additional commands, e-mail: commits-help@cassandra.apache.org