svn commit: r1584087 - /knox/trunk/books/0.4.0/config_audit.md

Wed, 02 Apr 2014 09:42:44 -0700 

Author: lmccay
Date: Wed Apr  2 16:41:54 2014
New Revision: 1584087

URL: http://svn.apache.org/r1584087
Log:
=added missing config_audit.md

Added:
    knox/trunk/books/0.4.0/config_audit.md

Added: knox/trunk/books/0.4.0/config_audit.md
URL: 
http://svn.apache.org/viewvc/knox/trunk/books/0.4.0/config_audit.md?rev=1584087&view=auto
==============================================================================
--- knox/trunk/books/0.4.0/config_audit.md (added)
+++ knox/trunk/books/0.4.0/config_audit.md Wed Apr  2 16:41:54 2014
@@ -0,0 +1,78 @@
+<!---
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+--->
+
+### Audit ###
+
+The Audit facility within the Knox Gateway introduces functionality for 
tracking actions that are executed by Knox per user's request or that are 
produced by Knox internal events like topology deploy, etc.
+The Knox Audit module is based on the [Apache 
log4j](http://logging.apache.org/log4j/1.2/).
+
+#### Configuration needed ####
+
+Out of the box, the Knox Gateway includes preconfigured auditing capabilities. 
To change its configuration please read following sections.
+
+#### Where audit logs go ####
+
+Audit module is preconfigured to write audit records to the log file 
`/var/log/knox/gateway-audit.log`.
+
+This behavior can be changed in the `conf/gateway-log4j.properties` file. 
`log4j.appender.auditfile.*` properties determine this behavior. For detailed 
information read [Apache log4j](http://logging.apache.org/log4j/1.2/).
+
+#### Audit format ####
+
+Out of the box, the audit record format is defined by 
org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout.
+Its structure is following:
+
+       EVENT_PUBLISHING_TIME 
ROOT_REQUEST_ID|PARENT_REQUEST_ID|REQUEST_ID|LOGGER_NAME|TARGET_SERVICE_NAME|USER_NAME|PROXY_USER_NAME|SYSTEM_USER_NAME|ACTION|RESOURCE_TYPE|RESOURCE_NAME|OUTCOME|LOGGING_MESSAGE
+
+The audit record format can be changed by setting 
`log4j.appender.auditfile.layout` property in `conf/gateway-log4j.properties` 
to another class that extends org.apache.log4j.Layout or its subclasses.
+
+For detailed information read [Apache 
log4j](http://logging.apache.org/log4j/1.2/).
+
+##### How to interpret audit log #####
+
+Component | Description
+---------|-----------
+EVENT_PUBLISHING_TIME|Time when audit record was published.
+ROOT_REQUEST_ID|The root request ID if this is a sub-request. Currently it is 
empty.
+PARENT_REQUEST_ID|The parent request ID if this is a sub-request. Currently it 
is empty.
+REQUEST_ID|A unique value representing the current, active request. If the 
current request id value is different from the current parent request id value 
then the current request id value is moved to the parent request id before it 
is replaced by the provided request id. If the root request id is not set it 
will be set with the first non-null value of either the parent request id or 
the passed request id.
+LOGGER_NAME|The name of the logger
+TARGET_SERVICE_NAME|Name of Hadoop service. Can be empty if audit record is 
not linked to any Hadoop service, for example, audit record for topology 
deployment.
+USER_NAME|Name of user that initiated session with Knox
+PROXY_USER_NAME|Mapped user name. For detailed information read #[Identity 
Assertion].
+SYSTEM_USER_NAME|Currently is empty.
+ACTION|Type of action that was executed. Following actions are defined: 
authentication, authorization, redeploy, deploy, undeploy, identity-mapping, 
dispatch, access.
+RESOURCE_TYPE|Type of resource for which action was executed. Following 
resource types are defined: uri, topology, principal.
+RESOURCE_NAME|Name of resource. For resource of type topology it is name of 
topology. For resource of type uri it is inbound or dispatch request path. For 
resource of type principal it is a name of mapped user.
+OUTCOME|Action result type. Following outcomes are defined: success, failure, 
unavailable.
+LOGGING_MESSAGE| Logging message. Contains additional tracking information.
+
+#### Audit log rotation ####
+
+Audit logging is preconfigured with 
`org.apache.log4j.DailyRollingFileAppender`.
+[Apache log4j](http://logging.apache.org/log4j/1.2/) contains information 
about other Appenders.
+
+#### How to change audit level or disable it ####
+
+Audit configuration is stored in the `conf/gateway-log4j.properties` file.
+
+All audit messages are logged at `INFO` level and this behavior can't be 
changed.
+
+To change audit configuration `log4j.logger.audit*` and 
`log4j.appender.auditfile*` properties in `conf/gateway-log4j.properties` file 
should be modified.
+
+Their meaning can be found in [Apache 
log4j](http://logging.apache.org/log4j/1.2/).
+
+Disabling auditing can be done by decreasing log level for appender.

Reply via email to