[jira] [Commented] (HADOOP-13396) Add json format audit logging to KMS

[Xiao Chen (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427641#comment-15427641
 ] 

Xiao Chen commented on HADOOP-13396:
------------------------------------

Thanks Wei-Chiu and Andrew for the great reviews!!
I will need more time to come back with the comments, but here's a sample 
output, pending to roll back the URL changes. (Getting from running the 
{{testAuditLogFormat}} tests from both, which is exactly the same as what it 
would show in actual audit log files.)

Text:
{noformat}
OK[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=1ms] testmsg
OK[op=GENERATE_EEK, user=luser] testmsg
OK[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=5ms] testmsg
UNAUTHORIZED[op=DECRYPT_EEK, key=k4, user=luser] 
ERROR[user=luser] Method:'method' Exception:'testmsg' url:'url'
UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'
{noformat}

Json:
{noformat}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583567510,"allowed":true,"result":"OK","accessCount":"1","extraMessage":"testmsg","interval":"2","key":"k4"}
 
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583567538,"allowed":true,"result":"OK","extraMessage":"testmsg"}
 
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583568543,"allowed":true,"result":"OK","accessCount":"1","extraMessage":"testmsg","interval":"1035","key":"k4"}
 
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"DECRYPT_EEK","eventTime":1471583568544,"allowed":false,"result":"UNAUTHORIZED","extraMessage":"","key":"k4"}
 
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"Unknown","eventTime":1471583568544,"allowed":false,"result":"ERROR","extraMessage":"Method:'method'
 Exception:'testmsg' url:'url'"}
 
{"username":"null!","impersonator":"null!","ipAddress":"remotehost","operation":"Unknown","eventTime":1471583568545,"allowed":false,"result":"UNAUTHENTICATED","extraMessage":"RemoteHost:remotehost
 Method:method URL:url ErrorMsg:'testmsg'"}
{noformat}

> Add json format audit logging to KMS
> ------------------------------------
>
>                 Key: HADOOP-13396
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13396
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13396.01.patch, HADOOP-13396.02.patch, 
> HADOOP-13396.03.patch, HADOOP-13396.04.patch, HADOOP-13396.05.patch, 
> HADOOP-13396.06.patch
>
>
> Currently, KMS audit log is using log4j, to write a text format log.
> We should refactor this, so that people can easily add new format audit logs. 
> The current text format log should be the default, and all of its behavior 
> should remain compatible.
> A json format log extension is added using the refactored API, and being 
> turned off by default.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org