hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5421) Add daemon start and stop audit logs
Date Wed, 14 Dec 2016 15:47:58 GMT

    [ https://issues.apache.org/jira/browse/YARN-5421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15748668#comment-15748668

Allen Wittenauer commented on YARN-5421:

bq. Yes this came up as its part of our security audit logging guidelines.

I seem to have missed this email containing this audit getting sent to security@.  Would you
mind re-sending it so that we can be on the same footing?   Thanks. 

bq.  Any concerns in logging this ? 


1: It's the wrong log.  
2: Given this is a YARN JIRA issue, this will introduce Yet Another Inconsistency with the
rest of Hadoop.

bq. But definitely it will help in analyzing the daemon if it has any issues as it would be
difficult to analyze the same from the normal logs.

3: I don't understand this statement at all.  The daemon log and the audit log are time stamped.
If one needs both logs to debug (which, frankly, should be super super rare) then a simple
merge of the two logs will do this.  This is actually a better approach, since daemon changes
that impact job start/stop are now obvious.

bq. Further with reference to Berkeley Security Logging guidelines we thought it might be
ideal to log it.

4: Daemon start/stop is already logged, covering those guidelines.  (I'm not sure why we would
should care about $RandomUniversityPolicy though.) 

> Add daemon start and stop audit logs
> ------------------------------------
>                 Key: YARN-5421
>                 URL: https://issues.apache.org/jira/browse/YARN-5421
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Varun Saxena
>            Priority: Minor

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message