Re: How to Protect Tracing Requests From Client Side

[shalom sagges]

Thanks Guys!

This really helps!



On Fri, Mar 23, 2018 at 7:10 AM, Mick Semb Wever 
wrote:

> Is there a way to protect C* on the server side from tracing commands that
>> are executed from clients?
>>
>
>
> If you really needed a way to completely disable all and any possibility
> of tracing you could start each C* node with tracing switched to a noop
> implementation.
>
> eg, add to the jvm.options file the line
>
> -Dcassandra.custom_tracing_class=somepackage.NoOpTracing
>
>
> while also putting into each $CASSANDRA_HOME/lib/ a jar file containing
> this NoOpTracing class…
>
> ```
> package somepackage;
>
> import java.net.InetAddress;
> import java.nio.ByteBuffer;
> import java.util.Map;
> import java.util.UUID;
> import org.apache.cassandra.tracing.*;
> import org.apache.cassandra.utils.FBUtilities;
>
> /** Starting Cassandra with '-Dcassandra.custom_tracing_
> class=org.apache.cassandra.tracing.NoOpTracing'
>  * will forcibly disable all tracing.
>  *
>  * This can be useful in defensive environments.
>  */
> public final class NoOpTracing extends Tracing {
>
> @Override
> protected void stopSessionImpl() {}
>
> @Override
> public TraceState begin(String request, InetAddress client,
> Map parameters) {
> return NoOpTraceState.INSTANCE;
> }
>
> @Override
> protected TraceState newTraceState(InetAddress coordinator, UUID
> sessionId, TraceType traceType) {
> return NoOpTraceState.INSTANCE;
> }
>
> @Override
> public void trace(ByteBuffer sessionId, String message, int ttl) {}
>
> private static class NoOpTraceState extends TraceState {
> private static final NoOpTraceState INSTANCE = new
> NoOpTraceState();
> private NoOpTraceState() {
> super(FBUtilities.getBroadcastAddress(), UUID.randomUUID(),
> TraceType.NONE);
> }
> @Override
> protected void traceImpl(String message) {}
> }
> }
> ```
>
> regards,
> Mick
>
>
> --
> Mick Semb Wever
> Australia
>
> The Last Pickle
> Apache Cassandra Consulting
> http://www.thelastpickle.com
>

Re: How to Protect Tracing Requests From Client Side

[Mick Semb Wever]

>
> Is there a way to protect C* on the server side from tracing commands that
> are executed from clients?
>


If you really needed a way to completely disable all and any possibility of
tracing you could start each C* node with tracing switched to a noop
implementation.

eg, add to the jvm.options file the line

-Dcassandra.custom_tracing_class=somepackage.NoOpTracing


while also putting into each $CASSANDRA_HOME/lib/ a jar file containing
this NoOpTracing class…

```
package somepackage;

import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.Map;
import java.util.UUID;
import org.apache.cassandra.tracing.*;
import org.apache.cassandra.utils.FBUtilities;

/** Starting Cassandra with
'-Dcassandra.custom_tracing_class=org.apache.cassandra.tracing.NoOpTracing'
 * will forcibly disable all tracing.
 *
 * This can be useful in defensive environments.
 */
public final class NoOpTracing extends Tracing {

@Override
protected void stopSessionImpl() {}

@Override
public TraceState begin(String request, InetAddress client, Map parameters) {
return NoOpTraceState.INSTANCE;
}

@Override
protected TraceState newTraceState(InetAddress coordinator, UUID
sessionId, TraceType traceType) {
return NoOpTraceState.INSTANCE;
}

@Override
public void trace(ByteBuffer sessionId, String message, int ttl) {}

private static class NoOpTraceState extends TraceState {
private static final NoOpTraceState INSTANCE = new NoOpTraceState();
private NoOpTraceState() {
super(FBUtilities.getBroadcastAddress(), UUID.randomUUID(),
TraceType.NONE);
}
@Override
protected void traceImpl(String message) {}
}
}
```

regards,
Mick


-- 
Mick Semb Wever
Australia

The Last Pickle
Apache Cassandra Consulting
http://www.thelastpickle.com

Re: How to Protect Tracing Requests From Client Side

[Christopher Bradford]

`nodetool settraceeprobability` controls the *automated* tracing within a
single node based on the value set. It may be some or none, but it doesn't
effect queries which are explicitly marked for tracing by the driver within
your application. You can test this by running CQLSH and enabling TRACING
with "TRACING ON;". Now run a query and trace results will be returned.

To resolve your problem it may be worth checking to see if you could limit
the ability to modify tables within the system_traces keyspace via
permissions.

~Chris

On Thu, Mar 22, 2018 at 6:07 PM shalom sagges 
wrote:

> Thanks a lot Rahul! :-)
>
> On Thu, Mar 22, 2018 at 8:03 PM, Rahul Singh  > wrote:
>
>> Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero
>> percentage of he tracing.
>>
>> --
>> Rahul Singh
>> rahul.si...@anant.us
>>
>> Anant Corporation
>>
>> On Mar 22, 2018, 11:10 AM -0500, shalom sagges ,
>> wrote:
>>
>> Hi All,
>>
>> Is there a way to protect C* on the server side from tracing commands
>> that are executed from clients?
>>
>> Thanks!
>>
>>
>

Re: How to Protect Tracing Requests From Client Side

[shalom sagges]

Thanks a lot Rahul! :-)

On Thu, Mar 22, 2018 at 8:03 PM, Rahul Singh 
wrote:

> Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero
> percentage of he tracing.
>
> --
> Rahul Singh
> rahul.si...@anant.us
>
> Anant Corporation
>
> On Mar 22, 2018, 11:10 AM -0500, shalom sagges ,
> wrote:
>
> Hi All,
>
> Is there a way to protect C* on the server side from tracing commands that
> are executed from clients?
>
> Thanks!
>
>

Re: How to Protect Tracing Requests From Client Side

[Rahul Singh]

Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero percentage 
of he tracing.

--
Rahul Singh
rahul.si...@anant.us

Anant Corporation

On Mar 22, 2018, 11:10 AM -0500, shalom sagges , wrote:
> Hi All,
>
> Is there a way to protect C* on the server side from tracing commands that 
> are executed from clients?
>
> Thanks!

How to Protect Tracing Requests From Client Side

[shalom sagges]

Hi All,

Is there a way to protect C* on the server side from tracing commands that
are executed from clients?

Thanks!