hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amar Kamat (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1543) Log messages of JobACLsManager should use security logging of HADOOP-6586
Date Thu, 11 Mar 2010 06:29:40 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12843936#action_12843936
] 

Amar Kamat commented on MAPREDUCE-1543:
---------------------------------------

h3.+_What to log?_+
- *job* related operations
 -- job-view
 -- job-modify
 -- job-submission
 -- job-initialization
- *queue* acl related operations
 -- queue-refresh
- *cluster* acl related operations 
 -- host-list-refresh
 -- node-list-refresh

I am in the process of merging service-acls-refresh (commons code, HADOOP-6586) with mapreduce
audit logs.

h3.+_How to log?_+
Considering the above mentioned scenarios, here is format for mapreduce audit (security?)
logs
{noformat}<date> <log-level> <log-class>.audit <operation> by <agent>
on <target> : <result> [<reason>]{noformat}

Example :
{noformat}
2010-03-11 00:48:44,979 INFO org.apache.hadoop.mapred.JobTracker.audit : SUBMIT_JOB by amarrk
on job_201003110048_0001 : SUCCESS [  ]
2010-03-11 00:48:45,648 INFO org.apache.hadoop.mapred.JobInProgress.audit : INIT_JOB by amarrk
on job_201003110048_0001 : SUCCESS [ maps : 1, reduces : 0 ]
2010-03-11 10:49:01,154 INFO org.apache.hadoop.mapred.JobTracker.audit : SUBMIT_JOB by amarrk
on job_201003111048_0001 : SUCCESS [  ]
2010-03-11 10:49:01,811 INFO org.apache.hadoop.mapred.JobInProgress.audit : INIT_JOB by amarrk
on job_201003111048_0001 : FAILURE [ Total tasks : 11, Max tasks : 10 ]
2010-03-11 12:26:11,158 INFO AuditLogger: org.apache.hadoop.mapred.JobTracker : NODE_REFRESH
by hacker on JobTracker : FAILURE [ Access denied ]
{noformat}

The reason for adding '_.audit_' to the classnames is for the ease of filtering them out and
also be consistent with the hdfs audit logging naming convention.

Thoughts?

> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-1543
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>             Fix For: 0.22.0
>
>
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures w.r.t job-level
authorization in the corresponding Daemons' logs. The log messages should instead use security
logging of HADOOP-6586.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message