[GitHub] [hadoop] tasanuma commented on pull request #3538: HDFS-16266. Add remote port information to HDFS audit log
tasanuma commented on pull request #3538: URL: https://github.com/apache/hadoop/pull/3538#issuecomment-960354847 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] tasanuma commented on pull request #3538: HDFS-16266. Add remote port information to HDFS audit log
tasanuma commented on pull request #3538: URL: https://github.com/apache/hadoop/pull/3538#issuecomment-955873323 @tomscut Thanks for your thoughts. That makes sense to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] tasanuma commented on pull request #3538: HDFS-16266. Add remote port information to HDFS audit log
tasanuma commented on pull request #3538: URL: https://github.com/apache/hadoop/pull/3538#issuecomment-954558413 How about using the word of "port" instead of "clientPort" here, and adding "clientPort" as the actual client server port for RBF in another JIRA? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] tasanuma commented on pull request #3538: HDFS-16266. Add remote port information to HDFS audit log
tasanuma commented on pull request #3538: URL: https://github.com/apache/hadoop/pull/3538#issuecomment-954546028 Thanks for updating it, @tomscut. I tried it with my RBF cluster. There is a client server (1.1.1.1), a DFS Router (2.2.2.2), and NameNode. When a client sends a request to the Router, NameNode logs the following. ``` INFO FSNamesystem.audit: allowed=true ugi=tasanuma ip=/2.2.2.2 cmd=listStatus src=/user/tasanuma dst=nullperm=null proto=rpc callerContext=CLI,clientIp:1.1.1.1,clientPort:33070 ``` In this case, `clientIp:1.1.1.1` is the IP of the client server, but `clientPort:33070` is the port of the DFS Router (2.2.2.2), not the one of the client server. It would be confusing for the users. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] tasanuma commented on pull request #3538: HDFS-16266. Add remote port information to HDFS audit log
tasanuma commented on pull request #3538: URL: https://github.com/apache/hadoop/pull/3538#issuecomment-948371693 Thanks for updating the PR, @tomscut. - I discussed with my colleagues, and they suggested that adding a new port field would have less impact on users who are analyzing the audit logs instead of expanding the existing IP field. What do you think? - After HDFS-13293, Router is forwarding client IP via CallerContext. How about adding the client-side port to the CallerContext as well? Maybe we can consider it in another JIRA. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org