[ https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12843936#action_12843936 ]

Amar Kamat commented on MAPREDUCE-1543:
---------------------------------------

h3.+_What to log?_+
- *job* related operations
 -- job-view
 -- job-modify
 -- job-submission
 -- job-initialization
- *queue* acl related operations
 -- queue-refresh
- *cluster* acl related operations 
 -- host-list-refresh
 -- node-list-refresh

I am in the process of merging service-acls-refresh (commons code, HADOOP-6586) 
with mapreduce audit logs.

h3.+_How to log?_+
Considering the above-mentioned scenarios, here is the format for mapreduce audit 
(security?) logs:
{noformat}<date> <log-level> <log-class>.audit <operation> by <agent> on <target> : <result> [<reason>]{noformat}

Example :
{noformat}
2010-03-11 00:48:44,979 INFO org.apache.hadoop.mapred.JobTracker.audit : SUBMIT_JOB by amarrk on job_201003110048_0001 : SUCCESS [  ]
2010-03-11 00:48:45,648 INFO org.apache.hadoop.mapred.JobInProgress.audit : INIT_JOB by amarrk on job_201003110048_0001 : SUCCESS [ maps : 1, reduces : 0 ]
2010-03-11 10:49:01,154 INFO org.apache.hadoop.mapred.JobTracker.audit : SUBMIT_JOB by amarrk on job_201003111048_0001 : SUCCESS [  ]
2010-03-11 10:49:01,811 INFO org.apache.hadoop.mapred.JobInProgress.audit : INIT_JOB by amarrk on job_201003111048_0001 : FAILURE [ Total tasks : 11, Max tasks : 10 ]
2010-03-11 12:26:11,158 INFO AuditLogger: org.apache.hadoop.mapred.JobTracker : NODE_REFRESH by hacker on JobTracker : FAILURE [ Access denied ]
{noformat}

The reason for adding '_.audit_' to the class names is the ease of filtering 
them out and also to be consistent with the HDFS audit logging naming convention.

Thoughts?

> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-1543
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>             Fix For: 0.22.0
>
>
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures 
> w.r.t job-level authorization in the corresponding Daemons' logs. The log 
> messages should instead use security logging of HADOOP-6586.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
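
An added example, not part of the original comment or of Hadoop's code: a Python parser for the audit line format proposed above, run over entries taken from the comment's example (joined onto one line each) plus one constructed malformed line. It counts FAILURE results per agent and operation and keeps lines that do not match so they get reviewed rather than silently dropped; the function and field names are assumptions.

```python
import re
from collections import Counter

# Layout from the comment: <date> <log-level> <log-class>.audit <operation> by <agent> on
# <target> : <result> [<reason>]; the examples also show "AuditLogger: <class>" and " : ".
AUDIT_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"(?:AuditLogger: (?P<cls_a>[\w.$]+)|(?P<cls_b>[\w.$]+)\.audit) : "
    r"(?P<operation>[A-Z_]+) by (?P<agent>\S+) on (?P<target>\S+) : "
    r"(?P<result>SUCCESS|FAILURE) \[\s*(?P<reason>.*?)\s*\]$"
)

# Constructed sample input: three entries from the comment, one malformed line added here.
SAMPLE = [
    "2010-03-11 00:48:44,979 INFO org.apache.hadoop.mapred.JobTracker.audit : "
    "SUBMIT_JOB by amarrk on job_201003110048_0001 : SUCCESS [  ]",
    "2010-03-11 10:49:01,811 INFO org.apache.hadoop.mapred.JobInProgress.audit : "
    "INIT_JOB by amarrk on job_201003111048_0001 : FAILURE [ Total tasks : 11, Max tasks : 10 ]",
    "2010-03-11 12:26:11,158 INFO AuditLogger: org.apache.hadoop.mapred.JobTracker : "
    "NODE_REFRESH by hacker on JobTracker : FAILURE [ Access denied ]",
    "2010-03-11 12:26:12,000 INFO org.apache.hadoop.mapred.JobTracker.audit : "
    "NODE_REFRESH by hacker",  # constructed: truncated entry, must not parse
]

def parse_line(line):
    """Return the audit fields as a dict, or None if the line does not match."""
    m = AUDIT_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    cls_a, cls_b = rec.pop("cls_a"), rec.pop("cls_b")
    rec["log_class"] = cls_a or cls_b
    return rec

def summarize(lines):
    """Count FAILURE results per (agent, operation); collect unparsed lines."""
    failures, unparsed = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif rec["result"] == "FAILURE":
            failures[(rec["agent"], rec["operation"])] += 1
    return failures, unparsed

if __name__ == "__main__":
    failures, unparsed = summarize(SAMPLE)
    print(dict(failures), f"{len(unparsed)} unparsed line(s)")
```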
