Sam, Paulo,

Thank you very much for explanations and references.

Oleg

On Mon, Jan 25, 2016 at 10:08 AM, Sam Tunnicliffe <s...@beobal.com> wrote:

> Paulo is correct in saying that C* doesn't have a direct equivalent of
> SecurityContextHolder. Authenticated principal info is retrievable from the
> QueryState during query execution but a) this isn't available to every
> method in the call chain and b) its scope is limited to the coordinator for
> the request. That is, it isn't serialized and included in the read/mutation
> messages which the coordinator distributes to the replicas. So you could
> produce a level of audit trail by providing a custom QueryHandler (See
> CASSANDRA-6659) that logs each statement along with the principal. But if
> the goal is indeed that "every log message in file should start with
> username of the user, who initiated this action", it isn't really
> feasible right now.
>
> On Mon, Jan 25, 2016 at 3:52 PM, Paulo Motta <pauloricard...@gmail.com>
> wrote:
>
>> That would work, but afaik Cassandra doesn't have an equivalent of
>> RequestContextHolder/SecurityContextHolder that is able to retrieve the
>> user/session of a given thread/request (maybe I'm wrong as I'm no auth
>> expert), so if these don't exist we'd need to add equivalent to those or do
>> it via MDC (set the context when request arrives, propagate to down stream
>> threads, cleanup), which can become quite messy as shown in CASSANDRA-7276.
>>
>> For CQL statements perhaps the query tracing infrastructure could be
>> reused to provide that info, but that would require further investigation.
>> See CASSANDRA-1123 for more details on that.
>>
>> 2016-01-25 12:30 GMT-03:00 oleg yusim <olegyu...@gmail.com>:
>>
>>> Paulo,
>>>
>>> Ideally - all the actions (security purposes, preserving completeness of
>>> the audit trail). How about this approach:
>>> http://www.codelord.net/2010/08/27/logging-with-a-context-users-in-logback-and-spring-security/
>>>  ?
>>> Would that work? Or you would rather suggest to go MDC way?
>>>
>>> Thanks,
>>>
>>> Oleg
>>>
>>> On Mon, Jan 25, 2016 at 9:23 AM, Paulo Motta <pauloricard...@gmail.com>
>>> wrote:
>>>
>>>> What kind of actions? nodetool/system actions or cql statements?
>>>>
>>>> You could probably achieve identity-based logging with logback Mapped
>>>> Diagnostic Context (MDC - logback.qos.ch/manual/mdc.html), but you'd
>>>> need to patch your own Cassandra jars in many locations to provide that
>>>> information to the logging context, so not exactly a trivial thing to do.
>>>> We tried using that to print ks/cf names on log messages but it became a
>>>> bit messy due to the SEDA architecture as you need to patch executors to
>>>> inherit identifiers from parent threads and cleanup afterwards. See
>>>> CASSANDRA-7276 for more background.
>>>>
>>>> 2016-01-25 12:09 GMT-03:00 oleg yusim <olegyu...@gmail.com>:
>>>>
>>>>> I want to try to re-phrase my question here... what I'm trying to
>>>>> achieve is identity-based logging. I.e. every log message in file should
>>>>> start with username of the user, who initiated this action. Would that be
>>>>> possible to achieve? If so, can you give me a brief example?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Oleg
>>>>>
>>>>> On Thu, Jan 21, 2016 at 2:57 PM, oleg yusim <olegyu...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Joel,
>>>>>>
>>>>>> Thanks for reference. What I'm trying to achieve, is to add the name
>>>>>> of the user, who initiated logged action. I tried c{5}, but what I see is
>>>>>> that;
>>>>>>
>>>>>> TRACE [GossipTasks:1] c{5} 2016-01-21 20:51:17,619 Gossiper.java:700
>>>>>> - Performing status check ...
>>>>>>
>>>>>> I think, I'm missing something here. Any suggestions?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Jan 21, 2016 at 1:30 PM, Joel Knighton <
>>>>>> joel.knigh...@datastax.com> wrote:
>>>>>>
>>>>>>> Cassandra uses logback as its backend for logging.
>>>>>>>
>>>>>>> You can find information about configuring logging in Cassandra by
>>>>>>> searching for "Configuring logging" on docs.datastax.com and
>>>>>>> selecting the documentation for your version.
>>>>>>>
>>>>>>> The documentation for PatternLayouts (the pattern string about which
>>>>>>> you're asking) in logback is available in the logback manual under the
>>>>>>> section for Conversion Words
>>>>>>> http://logback.qos.ch/manual/layouts.html#conversionWord
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jan 21, 2016 at 1:21 PM, oleg yusim <olegyu...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Greetings,
>>>>>>>>
>>>>>>>> Guys, can you, please, point me to documentation on how to
>>>>>>>> configure format of logs? I want to make it clear, I'm talking about
>>>>>>>> formatting i.e. this:
>>>>>>>>
>>>>>>>> <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>
>>>>>>>>
>>>>>>>> What if I want to add other parameters into this string? Is there
>>>>>>>> a list of available parameters here and syntax?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Oleg
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Joel Knighton
>>>>>>> Cassandra Developer | joel.knigh...@datastax.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
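
Added example, not part of the original thread and not Cassandra code: the MDC approach discussed above (set the context when the request arrives, propagate it to downstream threads, clean up) for a plain thread pool, using the SLF4J MDC API with logback. The class name, the MDC key "user", the sample principals and the pool standing in for a stage are assumptions made for illustration.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Assumed logback pattern: <pattern>%-5level [%X{user}] %date{HH:mm:ss,SSS} %msg%n</pattern>
public class MdcPropagationExample {
    private static final Logger log = LoggerFactory.getLogger(MdcPropagationExample.class);

    /** Wraps a task so the worker runs with the submitter's MDC, then restores its own. */
    static Runnable withCallerMdc(Runnable task) {
        final Map<String, String> callerContext = MDC.getCopyOfContextMap(); // may be null
        return () -> {
            Map<String, String> previous = MDC.getCopyOfContextMap();
            if (callerContext != null) MDC.setContextMap(callerContext); else MDC.clear();
            try {
                task.run();
            } finally {
                // Pooled threads are reused: a stale user must not leak into the next task,
                // or the audit trail attributes work to the wrong principal.
                if (previous != null) MDC.setContextMap(previous); else MDC.clear();
            }
        };
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutorService stage = Executors.newFixedThreadPool(2); // stands in for one stage
        for (String user : new String[] {"alice", "bob"}) {      // constructed sample principals
            MDC.put("user", user);                               // set when the request arrives
            try {
                log.info("request accepted");
                stage.execute(withCallerMdc(() -> log.info("executing on stage thread")));
            } finally {
                MDC.remove("user");                              // request threads are reused too
            }
        }
        // Submitted without the wrapper and with no principal: %X{user} renders empty.
        stage.execute(() -> log.info("background task"));
        stage.shutdown();
        stage.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

This covers threads inside one JVM only; as Sam's message notes, the principal is not serialized into the messages sent to replicas, so replica-side log lines would still carry no user.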
