hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Douglas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-3336) Direct a subset of namenode RPC events for audit logging
Date Fri, 02 May 2008 01:09:55 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-3336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593685#action_12593685

Chris Douglas commented on HADOOP-3336:

The easiest way to implement this will be by adding a log4j appender that emits events from
FSNamesystem. This way, it can be turned off by default but enabled/configured by administrators.
The subset of events should probably be restricted to those mapped to DFSClient calls. As
a first pass: create (startFile), mkdirs, setOwner, setPermission, delete, rename, open (getBlockLocations?),
getFileStatus, setReplication, and listStatus all look like reasonable events to log. For
all events, the ugi and path will be logged (date/time, etc. should be handled by the appender).
For create, mkdirs, setOwner, and setPermission, both the ugi and the FsPermission information
will be logged.

Thoughts? This isn't designed to be a secure audit log- and I'm sure issues like HADOOP-1741
will affect the approach to future audit logging- but it should provide sufficient information
for administrators to manage HDFS.

> Direct a subset of namenode RPC events for audit logging 
> ---------------------------------------------------------
>                 Key: HADOOP-3336
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3336
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Chris Douglas
> A non-persistent transaction log will permit managers of HDFS installations to monitor
and reconstruct user activity in HDFS for forensic analysis and maintenance.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message