hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Krogen <ekro...@linkedin.com>
Subject Re: Why aren't delegation token operations audit logged?
Date Tue, 15 Aug 2017 15:10:19 GMT
Given that the current audit log also includes the majority of read-only operations (getfileinfo,
liststatus, etc.) it seems to me that the audit log's purpose has changed to be more of a
record of both modifications and queries against the file system's metadata. The delegation
token related operations match closely with what is currently in the audit log. Our team was
also surprised to find that they were not currently present. Especially given that we have
HDFS-6888 to limit the size of the audit log by omitting common operations, it does not seem
harmful to add these token ops.

Erik

On 8/14/17, 5:44 PM, "Allen Wittenauer" <aw@apache.org> wrote:

    [You don't often get email from AW@APACHE.ORG. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]
    
    On 2017-08-14 11:52, Xiao Chen <x...@cloudera.com> wrote:
    
    > When inspecting the code, I found that the following methods in
    > FSNamesystem are not audit logged:
    
    ...
    
    > I checked with ATM hoping for some history, but no known to him. Anyone
    > know the reason to not audit log these?
    
            The audit log was designed for keeping track of things that actually change the
contents/metadata of the file system. Other HDFS operations were getting logged to the NN
log or some other more appropriate to limit the noise.
    
            https://effectivemachines.com/2017/03/08/unofficial-history-of-the-hdfs-audit-log/
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
    For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org
    
    


---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org

Mime
View raw message