Date: Wed, 30 Aug 2017 20:11:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: dev@zookeeper.apache.org
Subject: [jira] [Commented] (ZOOKEEPER-1260) Audit logging in ZooKeeper servers.

[ https://issues.apache.org/jira/browse/ZOOKEEPER-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147971#comment-16147971 ]

ASF GitHub Bot commented on ZOOKEEPER-1260:
-------------------------------------------

Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/338#discussion_r136176181

--- Diff: src/docs/src/documentation/content/xdocs/zookeeperAuditLogs.xml --- @@ -0,0 +1,205 @@ + + + +
+ ZooKeeper Audit Logging + + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. You may + obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an "AS IS" + BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied. See the License for the specific language governing permissions + and limitations under the License. + + + + This document contains information about Audit Logs in ZooKeeper. + + +
+ ZooKeeper Audit Logs + Apache ZooKeeper supports audit logs form version 3.5.4. By default audit logs are disabled. To enable audit + logs configure audit.enable=true in conf/zoo.cfg. Audit logs are not logged on all the ZooKeeper servers, but logged + only on the servers where client is connected as depicted in bellow figure. + + + + + + The audit log captures the detailed information for the operations that are selected to be audited. The audit + information is written as a set of key=value pairs for the following keys. + + Audit Log Content + + + + Key + Value + + + + + session + client session id + + + user + + comma separated list of users who are associate with a client session. To know who is taken as user in audit logs + refer section + + + + + ip + client IP address + + + operation + any one of the selected operations for audit. Possible values are + (serverStart| serverStop| create| delete| setData| setAcl| multiOperation| reconfig| ephemeralZNodeDeleteOnSessionClose) + + + + znode + path of the znode + + + acl + String representation of znode ACL like cdrwa(create, delete,read, write, admin). This is logged + only for setAcl operation + + + result + result of the operation. Possible values are (success|failure|invoked). Result "invoked" is used + for serverStop operation because stop is logged before ensuring that server actually stopped. + + + + +
+ Below are sample audit logs for all operations, where client is connected from 192.168.1.2, client principal is + zkcli@HADOOP.COM, server principal is zookeeper/192.168.1.3@HADOOP.COM + + user=zookeeper/192.168.1.3 operation=serverStart result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=create znode=/a result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=create znode=/a result=failure + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=setData znode=/a result=failure + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=setData znode=/a result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=setAcl znode=/a acl=world:anyone:cdrwa result=failure + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=setAcl znode=/a acl=world:anyone:cdrwa result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=create znode=/b result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=setData znode=/b result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=delete znode=/b result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=multiOperation result=failure + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=delete znode=/a result=failure + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=delete znode=/a result=success + session=0x19344730001 user=192.168.1.2,zkcli@HADOOP.COM ip=192.168.1.2 operation=create znode=/ephemral result=success + session=0x19344730001 user=zookeeper/192.168.1.3 operation=ephemeralZNodeDeletionOnSessionCloseOrExpire znode=/ephemral result=success + session=0x19344730000 user=192.168.1.2,zkcli@HADOOP.COM 
ip=192.168.1.2 operation=reconfig znode=/zookeeper/config result=success + user=zookeeper/192.168.1.3 operation=serverStop result=invoked + +
+
+ ZooKeeper Audit Log Configuration + By default audit logs are disabled. To enable audit logs configure audit.enable=true in conf/zoo.cfg. Audit + logging is done using log4j. Following is the default log4j configuration for audit logs in conf/log4j.properties + + + # --- End diff --

This is an important part of the audit log configuration. These will rarely be changed. I think it is ok to keep it here.

> Audit logging in ZooKeeper servers.
> -----------------------------------
>
>                 Key: ZOOKEEPER-1260
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1260
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Mahadev konar
>            Assignee: Mohammad Arshad
>             Fix For: 3.5.4, 3.6.0
>
>         Attachments: ZOOKEEPER-1260-01.patch, zookeeperAuditLogs.pdf
>
>
> Lots of users have had questions on debugging which client changed what znode and what updates went through a znode. We should add audit logging as in Hadoop (look at Namenode Audit logging) to log which client changed what in the zookeeper servers. This could just be a log4j audit logger.
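
Review bot: The operation value listed in the Audit Log Content table, ephemeralZNodeDeleteOnSessionClose, does not match the value in the sample log line, operation=ephemeralZNodeDeletionOnSessionCloseOrExpire. Anyone building parsers or alert rules from this page will key on the documented string, so the table and the sample should both carry the one value the server emits. In the same table, please say which keys are optional: the serverStart and serverStop samples have no session, ip or znode, the multiOperation sample has no znode, and the ephemeral-deletion sample has no ip. The acl row describes only the permission letters (cdrwa) while the sample shows acl=world:anyone:cdrwa, so the row should describe the full form. The page also does not say how a znode or user value containing a space or "=" is written, which a consumer of the space-separated key=value format needs to know to split fields safely. Wording fixes in the added text: "form version 3.5.4" should read "from version 3.5.4", "as depicted in bellow figure" should read "as depicted in the figure below", "associate with a client session" should read "associated with a client session", the sample path /ephemral looks like a typo for /ephemeral, and the sentence "By default audit logs are disabled. To enable audit logs configure audit.enable=true in conf/zoo.cfg." appears in both the overview and the configuration section and could be stated once.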