hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "stack (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HBASE-2014) [DAC] Audit
Date Mon, 07 Dec 2009 04:50:18 GMT

    [ https://issues.apache.org/jira/browse/HBASE-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12786777#action_12786777
] 

stack commented on HBASE-2014:
------------------------------

@Linden That makes sense.  So, if writing to hbase, write to a different hbase instance? 
Emitting audit logs using apache commons or so or sfl4j make sense to you and then hooking
up the logging system to different kind of sinks writing any necessary plugins if needed make
sense to you?

> [DAC] Audit
> -----------
>
>                 Key: HBASE-2014
>                 URL: https://issues.apache.org/jira/browse/HBASE-2014
>             Project: Hadoop HBase
>          Issue Type: Sub-task
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.22.0
>
>
> Audit: Important actions taken by subjects should be logged for accountability, a chronological
record which enables the full reconstruction and examination of a sequence of events, e.g.
schema changes or data mutations. Logging activity should be protected from all subjects except
for a restricted set with administrative privilege, perhaps to only a single super-user.
> Support dynamic scaling transparently and support multi-tenant. Acquire enough detail
and support streamline auditing in time. Should be configurable on a per-table basis to avoid
this overhead where it is not wanted.
> Consider logging audit trails to an HBase table (bigtable type schemas are natural for
this) and also external options with Java library support - syslog, etc., or maybe commons-logging
is sufficient and punt to administrator to set up appropriate commons-logging/log4j configurations
for their needs.
> Consider integration with Scribe (http://developers.facebook.com/scribe/) or Chukwa (http://wiki.apache.org/hadoop/Chukwa).
> * Session information (Required)
> ** Client, server, When, How, Where.
> * Command information (Required)
> ** Command detail and intent
> ** Command result and why
> ** Data event (input and output interested data, depends on predefined policy) 
> *** Metadata, data detail, session identity and command identity, data direction, etc.
> ** Command Counts (optional)
> *** Execution duration
> *** Response/request data amount
> *** Resource usage
> * Node status
> ** Node resource counts
> ** Session status
> ** Abnormal events (Required)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message