[ https://issues.apache.org/jira/browse/HDFS-3535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13401197#comment-13401197 ]
Hadoop QA commented on HDFS-3535: --------------------------------- +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12533399/hdfs-3535-2.txt against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 2 new or modified test files. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 javadoc. The javadoc tool did not generate any warning messages. +1 eclipse:eclipse. The patch built with eclipse:eclipse. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/2700//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/2700//console This message is automatically generated. > audit logging should log denied accesses as well as permitted ones > ------------------------------------------------------------------ > > Key: HDFS-3535 > URL: https://issues.apache.org/jira/browse/HDFS-3535 > Project: Hadoop HDFS > Issue Type: New Feature > Components: name-node > Affects Versions: 2.0.0-alpha > Reporter: Andy Isaacson > Assignee: Andy Isaacson > Attachments: hdfs-3535-1.txt, hdfs-3535-2.txt, hdfs-3535.txt > > > FSNamesystem.java logs an audit log entry when a user successfully accesses > the filesystem: > {code} > logAuditEvent(UserGroupInformation.getLoginUser(), > Server.getRemoteIp(), > "concat", Arrays.toString(srcs), target, resultingStat); > {code} > but there is no similar log when a user attempts to access the filesystem and > is denied due to permissions. Competing systems do provide such logging of > denied access attempts; we should too. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira