[DAC] Audit
-----------
Key: HBASE-2014
URL: https://issues.apache.org/jira/browse/HBASE-2014
Project: Hadoop HBase
Issue Type: Sub-task
Reporter: Andrew Purtell
Assignee: Andrew Purtell
Audit: Important actions taken by subjects should be logged for accountability,
a chronological record which enables the full reconstruction and examination of
a sequence of events, e.g. schema changes or data mutations. Logging activity
should be protected from all subjects except for a restricted set with
administrative privilege, perhaps to only a single super-user.
Support dynamic scaling transparently and support multi-tenant. Acquire enough
detail and support streamline auditing in time. Should be configurable on a
per-table basis to avoid this overhead where it is not wanted.
Consider logging audit trails to an HBase table (bigtable type schemas are
natural for this) and also external options with Java library support - syslog,
etc., or maybe commons-logging is sufficient and punt to administrator to set
up appropriate commons-logging/log4j configurations for their needs.
Consider integration with Scribe (http://developers.facebook.com/scribe/) or
Chukwa (http://wiki.apache.org/hadoop/Chukwa).
* Session information (Required)
** Client, server, When, How, Where.
* Command information (Required)
** Command detail and intent
** Command result and why
** Data event (input and output interested data, depends on predefined policy)
*** Metadata, data detail, session identity and command identity, data
direction, etc.
** Command Counts (optional)
*** Execution duration
*** Response/request data amount
*** Resource usage
* Node status
** Node resource counts
** Session status
** Abnormal events (Required)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
