cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleg yusim <olegyu...@gmail.com>
Subject Re: Logging
Date Tue, 26 Jan 2016 22:42:03 GMT
Sam, Paulo,

Thank you very much for explanations and references.

Oleg

On Mon, Jan 25, 2016 at 10:08 AM, Sam Tunnicliffe <sam@beobal.com> wrote:

> Paulo is correct in saying that C* doesn't have a direct equivalent of
> SecurityContextHolder. Authenticated principal info is retrievable from the
> QueryState during query execution but a) this isn't available to every
> method in the call chain and b) its scope is limited to the coordinator for
> the request. That is, it isn't serialized and included in the read/mutation
> messages which the coordinator distributes to the replicas. So you could
> produce a level of audit trail by providing a custom QueryHandler (See
> CASSANDRA-6659) that logs each statement along with the principal. But if
> the goal is indeed that "every log message in file should start with
> username of the user, who initiated this action", it's isn't really
> feasible right now
>
> On Mon, Jan 25, 2016 at 3:52 PM, Paulo Motta <pauloricardomg@gmail.com>
> wrote:
>
>> That would work, but afaik Cassandra doesn't have an equivalent of
>> RequestContextHolder/SecurityContextHolder that is able to retrieve the
>> user/session of a given thread/request (maybe I'm wrong as I'm no auth
>> expert), so if these don't exist we'd need to add equivalent to those or do
>> it via MDC (set the context when request arrives, propagate to down stream
>> threads, cleanup), which can become quite messy as shown in CASSANDRA-7276.
>>
>> For CQL statements perhaps the query tracing infrastructure could be
>> reused to provide that info, but that would require further investigation.
>> See CASSANDRA-1123 for more details on that.
>>
>> 2016-01-25 12:30 GMT-03:00 oleg yusim <olegyusim@gmail.com>:
>>
>>> Paulo,
>>>
>>> Ideally - all the actions (security purposes, preserving completness of
>>> the audit trail). How about this approach:
>>> http://www.codelord.net/2010/08/27/logging-with-a-context-users-in-logback-and-spring-security/
?
>>> Would that work? Or you would rather suggest to go MDC way?
>>>
>>> Thanks,
>>>
>>> Oleg
>>>
>>> On Mon, Jan 25, 2016 at 9:23 AM, Paulo Motta <pauloricardomg@gmail.com>
>>> wrote:
>>>
>>>> What kind of actions? nodetool/system actions or cql statements?
>>>>
>>>> You could probably achieve identity-based logging with logback Mapped
>>>> Diagnostic Context (MDC - logback.qos.ch/manual/mdc.html), but you'd
>>>> need to patch your own Cassandra jars in many locations to provide that
>>>> information to the logging context, so not exactly a trivial thing to do.
>>>> We tried using that to print ks/cf names on log messages but it became a
>>>> bit messy due to the SEDA architecture as you need to patch executors to
>>>> inherit identifiers from parent threads and cleanup afterwards. See
>>>> CASSANDRA-7276 for more background.
>>>>
>>>> 2016-01-25 12:09 GMT-03:00 oleg yusim <olegyusim@gmail.com>:
>>>>
>>>>> I want to try to re-phrase my question here... what I'm trying to
>>>>> achieve is identity-based logging. I.e. every log message in file should
>>>>> start with username of the user, who initiated this action. Would that
be
>>>>> possible to achieve? If so, can you give me a brief example?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Oleg
>>>>>
>>>>> On Thu, Jan 21, 2016 at 2:57 PM, oleg yusim <olegyusim@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Joel,
>>>>>>
>>>>>> Thanks for reference. What I'm trying to achieve, is to add the name
>>>>>> of the user, who initiated logged action. I tried c{5}, but what
I see is
>>>>>> that;
>>>>>>
>>>>>> TRACE [GossipTasks:1] c{5} 2016-01-21 20:51:17,619 Gossiper.java:700
>>>>>> - Performing status check ...
>>>>>>
>>>>>> I think, I'm missing something here. Any suggestions?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Jan 21, 2016 at 1:30 PM, Joel Knighton <
>>>>>> joel.knighton@datastax.com> wrote:
>>>>>>
>>>>>>> Cassandra uses logback as its backend for logging.
>>>>>>>
>>>>>>> You can find information about configuring logging in Cassandra
by
>>>>>>> searching for "Configuring logging" on docs.datastax.com and
>>>>>>> selecting the documentation for your version.
>>>>>>>
>>>>>>> The documentation for PatternLayouts (the pattern string about
which
>>>>>>> you're asking) in logback is available in the logback manual
under the
>>>>>>> section for Conversion Words
>>>>>>> http://logback.qos.ch/manual/layouts.html#conversionWord
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jan 21, 2016 at 1:21 PM, oleg yusim <olegyusim@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Greetings,
>>>>>>>>
>>>>>>>> Guys, can you, please, point me to documentation on how to
>>>>>>>> configure format of logs? I want make it clear, I'm talking
about
>>>>>>>> formatting i.e. this:
>>>>>>>>
>>>>>>>> <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>
>>>>>>>>
>>>>>>>> What if I want to add another parameters into this string?
Is there
>>>>>>>> a list of available parameters here and syntax?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Oleg
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> <http://www.datastax.com/>
>>>>>>>
>>>>>>> Joel Knighton
>>>>>>> Cassandra Developer | joel.knighton@datastax.com
>>>>>>>
>>>>>>> <https://www.linkedin.com/company/datastax>
>>>>>>> <https://www.facebook.com/datastax> <https://twitter.com/datastax>
>>>>>>> <https://plus.google.com/+Datastax/about>
>>>>>>> <http://feeds.feedburner.com/datastax>
>>>>>>> <https://github.com/datastax/>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message