[
https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16381505#comment-16381505
]
Anuj Wadehra commented on CASSANDRA-12151:
------------------------------------------
[~vinaykumarcse] I have gone through your patch.
Some high level review comments on the patch:
# Why do you think logging CL is required? Is CL adding any value for the
auditor?
# Don’t you think we should have separate configuration file for auditing
rather than cassandra.yaml? —there are applications with considerable number of
tables. As per the proposed design, user shall be able to individually specify
tables which must be audited and this would clutter the cassandra.yaml file.
# Logging every statement in a Batch separately may have significant
performance hit. Can we just log once per Batch and make sure that all
operations in the batch are included in that one log statement?
# Are you planning to evaluate and implement a Chronicle Queue variant similar
to CASSANDRA-13983?
The patch lacks following features from the design document:
# Configuration of whitelisted/application users and separate auditing
configuration for that.
# Configuration of tables to be audited with/without regular expressions e.g.
ks1.*,*.table1 etc.
# Auditing bind values of prepared statements and its configuration
# Password Obfuscation for DCL Queries
[~jasobrown] [~vinaykumarcse] We can develop auditing feature (Cassandra code)
incrementally. In the first iteration, [~vinaykumarcse] can contribute his
patch and then our team shall contribute the remaining 4 features. We are
already developing an auditing plugin for Cassandra which aligns with the
proposed design and we can port these remaining features from the plugin to the
main Cassandra code.
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt,
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done
> on our server.
> It should show username, remote address, timestamp, action type, keyspace,
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting
> a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
