[jira] [Updated] (KNOX-272) Auditing content refinement

Thu, 20 Feb 2014 07:23:51 -0800 

     [ 
https://issues.apache.org/jira/browse/KNOX-272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Minder updated KNOX-272:
------------------------------

    Description: 
User Columns
It still isn't clear to me exactly how we expect these to be used consistently.

h1. Authentication Failure
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
status: 401
* We need really see if we can figure out a way to log an authentication|failre

Redeployment
```
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
```
I think there should be something in one of the user columns.

Access (two records)
```
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I'm questioning the value of the first record but I understand that it might be 
important to have this to "bracket" the request processing.

Access (status/outcome)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I think that >=400 should use a failure outcome.

Identity Mapping (Three Records)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
 [admin]
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
[users]
```
Three records seems excessive.  Can these be meaningfully combined?

Knox Service
What in these lines would identify this as a Knox audit record if/when it is 
centrally combined?



  was:
User Columns
It still isn't clear to me exactly how we expect these to be used consistently.

*Authentication Failure*
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
status: 401
* We need really see if we can figure out a way to log an authentication|failre

Redeployment
```
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
```
I think there should be something in one of the user columns.

Access (two records)
```
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I'm questioning the value of the first record but I understand that it might be 
important to have this to "bracket" the request processing.

Access (status/outcome)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I think that >=400 should use a failure outcome.

Identity Mapping (Three Records)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
 [admin]
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
[users]
```
Three records seems excessive.  Can these be meaningfully combined?

Knox Service
What in these lines would identify this as a Knox audit record if/when it is 
centrally combined?




> Auditing content refinement 
> ----------------------------
>
>                 Key: KNOX-272
>                 URL: https://issues.apache.org/jira/browse/KNOX-272
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>             Fix For: 0.4.0
>
>
> User Columns
> It still isn't clear to me exactly how we expect these to be used 
> consistently.
> h1. Authentication Failure
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
> status: 401
> * We need really see if we can figure out a way to log an 
> authentication|failre
> Redeployment
> ```
> 14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
> ```
> I think there should be something in one of the user columns.
> Access (two records)
> ```
> 14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> ```
> I'm questioning the value of the first record but I understand that it might 
> be important to have this to "bracket" the request processing.
> Access (status/outcome)
> ```
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> ```
> I think that >=400 should use a failure outcome.
> Identity Mapping (Three Records)
> ```
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
>  [admin]
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
> [users]
> ```
> Three records seems excessive.  Can these be meaningfully combined?
> Knox Service
> What in these lines would identify this as a Knox audit record if/when it is 
> centrally combined?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to