Thanks Laxmikant and Paul.

@Laxmikant, unfortunately, this cluster is still on 2.1 so ECAudit won't support it, but will check it out once it's upgraded to 3.x (should happen pretty soon).
@Paul, I will definitely try the Wireshark method.
Thanks a lot guys for your help!

On Thu, Sep 26, 2019 at 11:05 PM Paul Chandler <p...@redshots.com> wrote:

> Hi Shalom,
>
> When tracking down specific queries I have used ngrep and fed the results
> into Wireshark, this will allow you to find out everything about the
> requests coming into the node from the client, as long as the connection is
> not encrypted.
>
> I wrote this up here a few months ago:
> http://www.redshots.com/finding-rogue-cassandra-queries/
>
> I hope this helps.
>
> Paul
>
> On 26 Sep 2019, at 10:21, Laxmikant Upadhyay <laxmikant....@gmail.com>
> wrote:
>
> One of the ways to figure out what queries have run is to use audit
> logging plugin supported in 3.x, 2.2
> https://github.com/Ericsson/ecaudit
>
> On Thu, Sep 26, 2019 at 2:19 PM shalom sagges <shalomsag...@gmail.com>
> wrote:
>
>> Thanks for the quick response Jeff!
>>
>> The EXECUTE lines are a prepared statement with the specified number of
>> parameters.
>> Is it possible to find out on which keyspace/table these prepared
>> statements run?
>> Can I get additional information from the prepared statement's ID? e.g.
>> EXECUTE *d67e6a07c24b675f492686078b46c997*
>>
>> Thanks!
>>
>> On Thu, Sep 26, 2019 at 11:14 AM Jeff Jirsa <jji...@gmail.com> wrote:
>>
>>> The EXECUTE lines are a prepared statement with the specified number of
>>> parameters.
>>>
>>> On Wed, Sep 25, 2019 at 11:38 PM shalom sagges <shalomsag...@gmail.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I've been trying to find which queries are run on a Cassandra node.
>>>> I've enabled DEBUG and ran *nodetool setlogginglevel
>>>> org.apache.cassandra.transport TRACE*
>>>>
>>>> I did get some queries, but it's definitely not all the queries that
>>>> are run on this database.
>>>> I've also found a lot of DEBUG [SharedPool-Worker-72] 2019-09-25
>>>> 06:29:16,674 Message.java:437 - Received: EXECUTE
>>>> 2a6022010ffaf55229262de917657d0f with 6 values at consistency LOCAL_QUORUM,
>>>> v=3 but I don't understand what information I can gain from that and why it
>>>> appears many times (a lot more than the queries I wish to track).
>>>>
>>>> Can someone help me understand this type of logging?
>>>> Thanks!
>>>>
>>>> DEBUG [SharedPool-Worker-88] 2019-09-25 06:29:16,793 Message.java:437 - Received: EXECUTE 2a6022010ffaf55229262de917657d0f with 6 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-87] 2019-09-25 06:29:16,780 Message.java:437 - Received: EXECUTE 447fdb9c8dfae53fafd78c7583aeb0f1 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-86] 2019-09-25 06:29:16,770 Message.java:437 - Received: EXECUTE db812ac40b66c326f728452350eb0ab2 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-84] 2019-09-25 06:29:16,761 Message.java:437 - Received: EXECUTE 7119db57e0a2041206f62c6d48fb4329 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-82] 2019-09-25 06:29:16,759 Message.java:437 - Received: QUERY UPDATE tbl1 SET col6=?,col7=?,col8=?,col9=? WHERE col1=? AND col2=? AND col3=? AND col4=? AND col5=?;, v=3
>>>> DEBUG [SharedPool-Worker-85] 2019-09-25 06:29:16,751 Message.java:437 - Received: EXECUTE 2cddc1f6af3c6efbeaf435f9b7ec1c8a with 4 values at consistency LOCAL_ONE, v=3
>>>> DEBUG [SharedPool-Worker-83] 2019-09-25 06:29:16,745 Message.java:437 - Received: EXECUTE db812ac40b66c326f728452350eb0ab2 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-81] 2019-09-25 06:29:16,734 Message.java:437 - Received: EXECUTE 7119db57e0a2041206f62c6d48fb4329 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-79] 2019-09-25 06:29:16,732 Message.java:437 - Received: EXECUTE e779e97bc0de5e5e121db71c5cb2b727 with 11 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-80] 2019-09-25 06:29:16,731 Message.java:437 - Received: EXECUTE 91af551f94a4394b96ef9afff71dfcc1 with 2 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-78] 2019-09-25 06:29:16,731 Message.java:437 - Received: EXECUTE 2a6022010ffaf55229262de917657d0f with 6 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-75] 2019-09-25 06:29:16,720 Message.java:437 - Received: EXECUTE b665e5f576dfe70845269d63b485c8ee with 2 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-77] 2019-09-25 06:29:16,715 Message.java:437 - Received: EXECUTE ce545d85a7ee7c8ad58875afa72d9cf6 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-74] 2019-09-25 06:29:16,703 Message.java:437 - Received: EXECUTE 7119db57e0a2041206f62c6d48fb4329 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-76] 2019-09-25 06:29:16,686 Message.java:437 - Received: EXECUTE b665e5f576dfe70845269d63b485c8ee with 2 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-71] 2019-09-25 06:29:16,682 Message.java:437 - Received: EXECUTE 2a6022010ffaf55229262de917657d0f with 6 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-73] 2019-09-25 06:29:16,675 Message.java:437 - Received: EXECUTE b665e5f576dfe70845269d63b485c8ee with 2 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-72] 2019-09-25 06:29:16,674 Message.java:437 - Received: EXECUTE 2a6022010ffaf55229262de917657d0f with 6 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-69] 2019-09-25 06:29:16,644 Message.java:437 - Received: EXECUTE 2cddc1f6af3c6efbeaf435f9b7ec1c8a with 4 values at consistency LOCAL_ONE, v=3
>>>> DEBUG [SharedPool-Worker-68] 2019-09-25 06:29:16,635 Message.java:437 - Received: EXECUTE b665e5f576dfe70845269d63b485c8ee with 2 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-53] 2019-09-25 06:29:16,635 Message.java:437 - Received: EXECUTE e779e97bc0de5e5e121db71c5cb2b727 with 11 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-66] 2019-09-25 06:29:16,635 Message.java:437 - Received: EXECUTE 447fdb9c8dfae53fafd78c7583aeb0f1 with 3 values at consistency LOCAL_QUORUM, v=3
>>>> DEBUG [SharedPool-Worker-65] 2019-09-25 06:29:16,623 Message.java:437 - Received: EXECUTE d67e6a07c24b675f492686078b46c997 with 3 values at consistency LOCAL_ONE, v=3
>>>> DEBUG [SharedPool-Worker-61] 2019-09-25 06:29:16,621 Message.java:437 - Received: QUERY SELECT column4 FROM ks2.tbl2 WHERE column1='xxxx' AND column2='yyyy' AND ts1>1569358692193;, v=3
>>>> DEBUG [SharedPool-Worker-62] 2019-09-25 06:29:16,618 Message.java:437 - Received: EXECUTE d67e6a07c24b675f492686078b46c997 with 3 values at consistency LOCAL_ONE, v=3
>
> --
>
> regards,
> Laxmikant Upadhyay
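
Added example, not written by anyone in this thread: one way to audit the transport DEBUG lines above is to tally EXECUTE entries per prepared-statement ID and then match those IDs against statements taken from the application's own code. It assumes the server derives the ID as the MD5 of the session keyspace concatenated with the query string, which should be checked against the source of the Cassandra version in use; the statement `STMT`, the keyspace `ks1` and the sample log lines are constructed.

```python
import hashlib
import re
from collections import Counter

# Shape of the transport DEBUG entries quoted in the thread.
LINE_RE = re.compile(
    r"Received: (?:EXECUTE (?P<id>[0-9a-f]{32}) with (?P<n>\d+) values"
    r"|QUERY (?P<cql>.+?), v=\d+)")

def prepared_id(query, keyspace=None):
    # ASSUMPTION: ID = MD5 over UTF-8 of (session keyspace + query string);
    # confirm against the server source for your Cassandra version.
    return hashlib.md5(((keyspace or "") + query).encode("utf-8")).hexdigest()

def tally(log_text):
    """Count EXECUTEs per (id, bind count) and unprepared QUERY strings."""
    executes, queries = Counter(), Counter()
    # Collapse whitespace so entries wrapped across lines still match.
    for m in LINE_RE.finditer(" ".join(log_text.split())):
        if m.group("id"):
            executes[(m.group("id"), int(m.group("n")))] += 1
        else:
            queries[m.group("cql")] += 1
    return executes, queries

def resolve(executes, candidates, keyspaces=(None,)):
    """Map observed ids to candidate statements taken from application code."""
    known = {prepared_id(q, ks): (ks, q) for q in candidates for ks in keyspaces}
    out = {}
    for (pid, n), count in executes.items():
        hit = known.get(pid)
        # Positional bind markers must agree with the logged "with N values".
        if hit and hit[1].count("?") == n:
            out[pid] = (hit[0], hit[1], count)
    return out

# Constructed sample: statement, keyspace and log lines are made up.
STMT = "SELECT col9 FROM tbl1 WHERE col1=? AND col2=? AND col3=?"
PFX = "DEBUG [SharedPool-Worker-1] 2019-09-25 06:29:16,700 Message.java:437 - "
SAMPLE = "\n".join([
    PFX + f"Received: EXECUTE {prepared_id(STMT, 'ks1')} with 3 values at consistency LOCAL_QUORUM, v=3",
    PFX + f"Received: EXECUTE {prepared_id(STMT, 'ks1')}\nwith 3 values at consistency LOCAL_QUORUM, v=3",
    PFX + f"Received: EXECUTE {'f' * 32} with 2 values at consistency LOCAL_ONE, v=3",
    PFX + "Received: QUERY SELECT column4 FROM ks2.tbl2 WHERE column1='xxxx';, v=3",
])

if __name__ == "__main__":
    ex, q = tally(SAMPLE)
    print(resolve(ex, [STMT], keyspaces=(None, "ks1")))
    print(q)
```

IDs that stay unresolved after every known application statement has been tried are the ones worth following up with a packet capture or audit logging, as suggested in the replies.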