Andy Isaacson created HDFS-3535: ----------------------------------- Summary: audit logging should log denied accesses as well as permitted ones Key: HDFS-3535 URL: https://issues.apache.org/jira/browse/HDFS-3535 Project: Hadoop HDFS Issue Type: New Feature Components: name-node Affects Versions: 2.0.0-alpha Reporter: Andy Isaacson Assignee: Andy Isaacson
FSNamesystem.java logs an audit log entry when a user successfully accesses the filesystem: {code} logAuditEvent(UserGroupInformation.getLoginUser(), Server.getRemoteIp(), "concat", Arrays.toString(srcs), target, resultingStat); {code} but there is no similar log when a user attempts to access the filesystem and is denied due to permissions. Competing systems do provide such logging of denied access attempts; we should too. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira