[ 
https://issues.apache.org/jira/browse/CALCITE-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371159#comment-15371159
 ] 

Josh Elser commented on CALCITE-1311:
-------------------------------------

bq. It would very nice to have this, but is it scope creep? If the backend 
server already has auditing it wouldn't want Avatica doing it at another level.

Good point. It might very well be duplicative of something that backend system 
is already doing. Definitely should be an optional thing (if built)

bq. Are we talking about data auditing here (e.g. if there is a batch insert of 
100 rows, write those 100 rows out somewhere)?
bq. How does this capability compare with metrics? Events such as "connection 
created", "statement canceled" are similar to those that would be gathered by 
metrics. So, would auditing and metrics write to the same place, and would they 
use the same mechanism?

For the read side, I think it's pretty straightforward to just log the SQL 
statement. For writes and metadata operations, I'm not sure what exactly these 
would look like (would we log the Avatica method call? The insert/update 
template assuming that it's a prepared statement?). How it fits in with metrics 
is also a concern to avoid two features potentially colliding. My initial 
thoughts would be that metrics are raw timing data for the Avatica calls 
whereas this would be a "user level" record of what happened. We would 
definitely need to make sure that the delineation between the two are clear.

Definitely still hashing out what this would look like; more feedback/opinions 
are welcomed :)



> Add high-level record of interactions with the avatica server
> -------------------------------------------------------------
>
>                 Key: CALCITE-1311
>                 URL: https://issues.apache.org/jira/browse/CALCITE-1311
>             Project: Calcite
>          Issue Type: New Feature
>          Components: avatica
>            Reporter: Josh Elser
>
> It would be nice to have the ability to configure the Avatica server to 
> create what is equivalent to an "audit log".
> This functionality would provide administrators the ability to inspect what 
> queries were run and the user (client address and optionally the Kerberos 
> identity).
> It would be nice to implement this as a framework and provide an initial 
> "sink" binding which just writes to a file. This would let us push these logs 
> to other systems automatically which would be nice.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to