[
https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16383281#comment-16383281
]
Dinesh Joshi commented on CASSANDRA-12151:
------------------------------------------
Hi [~vinaykumarcse], I have gone over your patch. Here is my feedback -
# {{AuditLogEntryType::allStatementsMap}} - Instead of creating an explicit
map of statements consider adding the type of statement in the actual class
itself. That way when new statements are introduced, you don't need to keep
updating this map.
# {{AuditLogFilter::loadFilters}} - Consider adding checks here to make sure
{{includedKeyspacesList}} and {{excludedKeyspacesList}} do not have the same
keyspace specified. This will help simplifying your logic in
{{AuditLogFilter::isFiltered}}. Also consider lowercasing / uppercasing while
storing the keyspace and category names as you are doing a case insensitive
match in {{isFiltered}}.
# {{AuditLogFilter}} consider using {{Set<String>}} instead of
{{List<String>}} for {{includedKeyspacesList}}, {{excludedKeyspacesList}},
{{excludedCategoriesList}}, {{includedCategoriesList}}. Keyspace names and
Categories should be unique.
# {{AuditLogFilter::isFiltered}} can be simplified and made more performant if
you use {{Set}} instead of {{List}}.
# It would be great if you can update the docs in the source tree.
On the implementation design, it would be great to see if you can extendÂ
-CASSANDRA-13983-. It does pretty much what you're doing except logging the
authorization failures.
Consider refactoring your code to add a netty handler that invokes an auditing
interface. The advantage of this approach would be that, when audit logging is
disabled, you can take this handler out of the netty pipeline. This way there
is zero performance impact when audit is disabled. You can define a
IAuditLogger interface that has sufficient contextual information to log all
queries. This will help make the audit logging implementation pluggable.
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt,
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done
> on our server.
> It should show username, remote address, timestamp, action type, keyspace,
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting
> a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
