[
https://issues.apache.org/jira/browse/ZOOKEEPER-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16142328#comment-16142328
]
ASF GitHub Bot commented on ZOOKEEPER-1260:
-------------------------------------------
Github user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/338#discussion_r135345079
--- Diff: src/docs/src/documentation/content/xdocs/zookeeperAuditLogs.xml
---
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2002-2004 The Apache Software Foundation
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE article PUBLIC "-//OASIS//DTD Simplified DocBook XML V1.0//EN"
+"http://www.oasis-open.org/docbook/xml/simple/1.0/sdocbook.dtd";>
+<article id="ar_auditLogs">
+ <title>ZooKeeper Audit Logging</title>
+ <articleinfo>
+ <legalnotice>
+ <para>Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License. You
may
+ obtain a copy of the License at <ulink
+
url="http://www.apache.org/licenses/LICENSE-2.0";>http://www.apache.org/licenses/LICENSE-2.0</ulink>.</para>
+
+ <para>Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an "AS IS"
+ BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or
+ implied. See the License for the specific language governing
permissions
+ and limitations under the License.</para>
+ </legalnotice>
+
+ <abstract>
+ <para>This document contains information about Audit Logs in
ZooKeeper.</para>
+ </abstract>
+ </articleinfo>
+ <section id="ch_auditLogs">
+ <title>ZooKeeper Audit Logs</title>
+ <para>Apache ZooKeeper supports audit logs form version 3.5.4. By
default audit logs are disabled. To enable audit
+ logs configure audit.enable=true in conf/zoo.cfg. Audit logs are not
logged on all the ZooKeeper servers, but logged
+ only on the servers where client is connected as depicted in bellow
figure.</para>
+ <mediaobject id="fg_audit" >
+ <imageobject>
+ <imagedata fileref="images/zkAuditLogs.jpg"/>
+ </imageobject>
+ </mediaobject>
+ <para>The audit log captures the detailed information for the
operations that are selected to be audited. The audit
+ information is written as a set of key=value pairs for the following
keys.</para>
+ <table>
+ <title>Audit Log Content</title>
+ <tgroup cols="5" align="left" colsep="1" rowsep="4">
+ <thead>
+ <row>
+ <entry>Key</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>session</entry>
+ <entry>client session id</entry>
+ </row>
+ <row>
+ <entry>user</entry>
+ <entry>
+ comma separated list of users who are associate
with a client session. To know who is taken as user in audit logs
+ refer section
+ <xref linkend="ch_zkAuditUser"/>
+ </entry>
+ </row>
+ <row>
+ <entry>ip</entry>
+ <entry>client IP address</entry>
+ </row>
+ <row>
+ <entry>operation</entry>
+ <entry>any one of the selected operations for audit.
Possible values are
+ (serverStart| serverStop| create| delete| setData|
setAcl| multiOperation| reconfig| ephemeralZNodeDeleteOnSessionClose)
+ </entry>
+ </row>
+ <row>
+ <entry>znode</entry>
+ <entry>path of the znode</entry>
+ </row>
+ <row>
+ <entry>acl</entry>
+ <entry>String representation of znode ACL like
cdrwa(create, delete,read, write, admin). This is logged
+ only for setAcl operation</entry>
+ </row>
+ <row>
+ <entry>result</entry>
+ <entry>result of the operation. Possible values are
(success|failure|invoked). Result "invoked" is used
--- End diff --
"is only used" may be clearer (if correct)
> Audit logging in ZooKeeper servers.
> -----------------------------------
>
> Key: ZOOKEEPER-1260
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1260
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Mahadev konar
> Assignee: Mohammad Arshad
> Fix For: 3.5.4, 3.6.0
>
> Attachments: ZOOKEEPER-1260-01.patch, zookeeperAuditLogs.pdf
>
>
> Lots of users have had questions on debugging which client changed what znode
> and what updates went through a znode. We should add audit logging as in
> Hadoop (look at Namenode Audit logging) to log which client changed what in
> the zookeeper servers. This could just be a log4j audit logger.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
