[ https://issues.apache.org/jira/browse/CALCITE-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371159#comment-15371159 ]
Josh Elser commented on CALCITE-1311: ------------------------------------- bq. It would very nice to have this, but is it scope creep? If the backend server already has auditing it wouldn't want Avatica doing it at another level. Good point. It might very well be duplicative of something that backend system is already doing. Definitely should be an optional thing (if built) bq. Are we talking about data auditing here (e.g. if there is a batch insert of 100 rows, write those 100 rows out somewhere)? bq. How does this capability compare with metrics? Events such as "connection created", "statement canceled" are similar to those that would be gathered by metrics. So, would auditing and metrics write to the same place, and would they use the same mechanism? For the read side, I think it's pretty straightforward to just log the SQL statement. For writes and metadata operations, I'm not sure what exactly these would look like (would we log the Avatica method call? The insert/update template assuming that it's a prepared statement?). How it fits in with metrics is also a concern to avoid two features potentially colliding. My initial thoughts would be that metrics are raw timing data for the Avatica calls whereas this would be a "user level" record of what happened. We would definitely need to make sure that the delineation between the two are clear. Definitely still hashing out what this would look like; more feedback/opinions are welcomed :) > Add high-level record of interactions with the avatica server > ------------------------------------------------------------- > > Key: CALCITE-1311 > URL: https://issues.apache.org/jira/browse/CALCITE-1311 > Project: Calcite > Issue Type: New Feature > Components: avatica > Reporter: Josh Elser > > It would be nice to have the ability to configure the Avatica server to > create what is equivalent to an "audit log". > This functionality would provide administrators the ability to inspect what > queries were run and the user (client address and optionally the Kerberos > identity). > It would be nice to implement this as a framework and provide an initial > "sink" binding which just writes to a file. This would let us push these logs > to other systems automatically which would be nice. -- This message was sent by Atlassian JIRA (v6.3.4#6332)