[
https://issues.apache.org/jira/browse/KNOX-272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-272:
------------------------------
Description:
# User Columns
* It still isn't clear to me exactly how we expect these to be used
consistently.
# Authentication Failure
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response
status: 401
* We need really see if we can figure out a way to log an authentication|failre
# Redeployment
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
* I think there should be something in one of the user columns.
# Access (two records)
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I'm questioning the value of the first record but I understand that it might
be important to have this to "bracket" the request processing.
# Access (status/outcome)
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I think that >=400 should use a failure outcome.
# Identity Mapping (Three Records)
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
[admin]
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups:
[users]
* Three records seems excessive. Can these be meaningfully combined?
# Knox Service
* What in these lines would identify this as a Knox audit record if/when it is
centrally combined?
was:
User Columns
It still isn't clear to me exactly how we expect these to be used consistently.
# Authentication Failure
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response
status: 401
* We need really see if we can figure out a way to log an authentication|failre
# Redeployment
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
* I think there should be something in one of the user columns.
# Access (two records)
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I'm questioning the value of the first record but I understand that it might
be important to have this to "bracket" the request processing.
# Access (status/outcome)
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I think that >=400 should use a failure outcome.
# Identity Mapping (Three Records)
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
[admin]
14/02/20 16:15:11
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups:
[users]
* Three records seems excessive. Can these be meaningfully combined?
# Knox Service
* What in these lines would identify this as a Knox audit record if/when it is
centrally combined?
> Auditing content refinement
> ----------------------------
>
> Key: KNOX-272
> URL: https://issues.apache.org/jira/browse/KNOX-272
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Fix For: 0.4.0
>
>
> # User Columns
> * It still isn't clear to me exactly how we expect these to be used
> consistently.
> # Authentication Failure
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response
> status: 401
> * We need really see if we can figure out a way to log an
> authentication|failre
> # Redeployment
> 14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
> * I think there should be something in one of the user columns.
> # Access (two records)
> 14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:15:11
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> * I'm questioning the value of the first record but I understand that it
> might be important to have this to "bracket" the request processing.
> # Access (status/outcome)
> 14/02/20 16:15:11
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> * I think that >=400 should use a failure outcome.
> # Identity Mapping (Three Records)
> 14/02/20 16:15:11
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
> 14/02/20 16:15:11
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
> [admin]
> 14/02/20 16:15:11
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups:
> [users]
> * Three records seems excessive. Can these be meaningfully combined?
> # Knox Service
> * What in these lines would identify this as a Knox audit record if/when it
> is centrally combined?
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
