[ https://issues.apache.org/jira/browse/HDFS-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426946#comment-15426946 ]
Kihwal Lee edited comment on HDFS-10776 at 8/18/16 6:22 PM: ------------------------------------------------------------ Regarding bq.1) What is the correct way of doing the hdfs audit logging? [Here|https://issues.apache.org/jira/browse/HDFS-9395?focusedCommentId=15131106&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15131106] is the audit logging policy that was agreed up on in HDFS-9395. The key opinion that led to the agreement was probably from [~daryn]: {quote} ... The audit log should be a record of successful or unauthorized access to data - not a debug record of every attempted operation. The reduced SNR of already monstrous logs and the performance penalty (it's already extremely high) of logging unsuccessful operations generated by polling, globbing, file not found, rename targets existing, etc is of no value to me. {quote} Please share your thoughts on this. was (Author: kihwal): Regarding bq.1) What is the correct way of doing the hdfs audit logging? [Here|https://issues.apache.org/jira/browse/HDFS-9395?focusedCommentId=15131106&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15131106] is the audit logging policy that was agreed up on in HDFS-9395. The key opinion that led to the agreement was probably the statement from [~daryn]: {quote} ... The audit log should be a record of successful or unauthorized access to data - not a debug record of every attempted operation. The reduced SNR of already monstrous logs and the performance penalty (it's already extremely high) of logging unsuccessful operations generated by polling, globbing, file not found, rename targets existing, etc is of no value to me. {quote} Please share your thoughts on this. > Revisit Hdfs Audit Logging > -------------------------- > > Key: HDFS-10776 > URL: https://issues.apache.org/jira/browse/HDFS-10776 > Project: Hadoop HDFS > Issue Type: Bug > Affects Versions: 2.7.2 > Reporter: Kuhu Shukla > Assignee: Kuhu Shukla > > HDFS audit logging is considered critical in many scenarios, but it hasn't > been always implemented consistently, especially for new features. As we have > seen in HDFS-9395 and the 2.7.3 release discussions in the mailing list, even > bug fixes are tricky since some users may get greatly impacted by the > resulting incompatibility. The goal of this jira is to clarify what the hdfs > audit logging should do and discuss potential approaches that will allows us > to move forward. > 1) What is the correct way of doing the hdfs audit logging? This was > discussed in HDFS-9395, but needs to be revisited as there were discussions > on the fix being made with wrong assumptions. What needs to be fixed, if > HDFS-9395 is incorrect or incomplete? > 2) What if a single standard cannot satisfy everyone? Do we need to make the > audit logging more flexible and configurable? > 3) What is the best way of introducing future bug fixes to the hdfs audit > logging that change the output? Some may not want a fix, while others may > consider it critical and want it asap. > CC:[~aw] -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org