Vincent Tran created IMPALA-8768:
------------------------------------
Summary: Clarifying the conditions in which audit logs record a
query
Key: IMPALA-8768
URL: https://issues.apache.org/jira/browse/IMPALA-8768
Project: IMPALA
Issue Type: Documentation
Components: Docs
Affects Versions: Impala 2.13.0, Impala 3.3.0
Reporter: Vincent Tran
Currently, Impala documentation highlights the following cases as operations
which the audit logs will record:
{noformat}
Which Operations Are Audited
The kinds of SQL queries represented in the audit log are:
Queries that are prevented due to lack of authorization.
Queries that Impala can analyze and parse to determine that they are
authorized. The audit data is recorded immediately after Impala finishes its
analysis, before the query is actually executed.
The audit log does not contain entries for queries that could not be parsed and
analyzed. For example, a query that fails due to a syntax error is not recorded
in the audit log. The audit log also does not contain queries that fail due to
a reference to a table that does not exist, if you would be authorized to
access the table if it did exist.
Certain statements in the impala-shell interpreter, such as CONNECT, SUMMARY,
PROFILE, SET, and QUIT, do not correspond to actual SQL queries, and these
statements are not reflected in the audit log.
{noformat}
However, based on[1], there is an unmentioned condition that the client must
have issued at least one fetch for analyzed queries to be recorded in audit
logs.
[1]
https://github.com/apache/impala/blob/b3b00da1a1c7b98e84debe11c10258c4a0dff944/be/src/service/impala-server.cc#L690-L734
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
