[ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468212#comment-16468212 ]

Vinay Chella commented on CASSANDRA-12151:
------------------------------------------

Thanks, [~jasobrown], for the cleanup and for fixing [~eperott]'s comments.
{quote}When using logback as backend, would it make sense to mark audit records 
with a specific appender name such as "AUDIT" rather than 
"FileAuditLoggerAppender"? That way we can easily tell regular log messages 
from audit log messages.
{quote}
Yes, certainly. However, the AuditLog feature does not ship with appender 
configurations. I see that "FileAuditLoggerAppender" is being referenced in the 
documentation; I have updated it and pushed.
{quote}On a similar topic, rather than creating the AuditLogEntryCategory type, 
the mapping in AuditLogEntryType and the keyspace/scope of (I)AuditLogContext, 
would it make sense to use the existing Permission type (SELECT, MODIFY, 
CREATE...) and IResource (Data, Role, Function...)? We could create a new 
resource type to represent Connections (like connection/native, 
connection/thrift, connection/jmx) which could be used for managing white-lists 
for authentication.
{quote}
I don't think it is a good idea to piggyback on the Permission type and IResource 
to get the AuditLogType; that makes those 2 features tightly bound, and it seems 
like a hack rather than a cleaner implementation. Also, binding them tightly 
makes future extensions on those features tough to manage, and we end up 
separating them eventually. So I am not sure that it is a good idea to piggyback on 2 
other different features to get the AuditLog needs.

{quote}Sure, I understand we seek to close this ticket. I'm just a bit 
concerned with the timing. If this ticket is merged as is and we take a cut for 
4.0, then I assume we will have to stick to this way of configuring audit logs 
for some time.
{quote}
CQL grammar for managing audit log configurations is an interesting idea. 
Considering the changes needed at this point, and the hierarchical and composite 
requirements that come with it, I agree with @Jason on exploring it as a followup. 
Please feel free to create a followup JIRA on this.

> Audit logging for database activity
> -----------------------------------
>
>                 Key: CASSANDRA-12151
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: stefan setyadi
>            Assignee: Vinay Chella
>            Priority: Major
>             Fix For: 4.x
>
>         Attachments: 12151.txt, CASSANDRA_12151-benchmark.html, 
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> We would like a way to enable Cassandra to log database activity being done 
> on our server.
> It should show username, remote address, timestamp, action type, keyspace, 
> column family, and the query statement.
> It should also be able to log connection attempts and changes to the 
> user/roles.
> I was thinking of making a new keyspace and inserting an entry for every 
> activity that occurs.
> Then it would be possible to query for a specific activity or a query targeting 
> a specific keyspace and column family.


