Hi, Also note that the table level audit logging is configured/visible at the Region server not the Master. The audit logs on the Master will only show the actions performed at the metadata level (create table etc.).
Regards, Nikolai. -----Original Message----- From: ashish singhi [mailto:[email protected]] Sent: 26 February 2018 08:27 To: [email protected] Subject: RE: Hbase Audit Logs Hi, You need to enable TRACE level logging for AccessController. Change log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=INFO to log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=TRACE Regards, Ashish -----Original Message----- From: Subash Kunjupillai [mailto:[email protected]] Sent: Monday, February 26, 2018 1:29 PM To: [email protected] Subject: Hbase Audit Logs Hi, I've enabled HBase Authorization by adding below properties in HBase-site.xml and also in log4j Security audit appender is as below. *hbase-site.xml* /<property> <name>hbase.security.authorization</name> <value>true</value> </property> <property> <name>hbase.coprocessor.master.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController</value> </property> <property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value> </property>/ *log4j.properties* /hbase.security.log.file=SecurityAuth.audit hbase.security.log.maxfilesize=256MB hbase.security.log.maxbackupindex=20 log4j.appender.RFAS=org.apache.log4j.RollingFileAppender log4j.appender.RFAS.File=${hbase.log.dir}/${hbase.security.log.file} log4j.appender.RFAS.MaxFileSize=${hbase.security.log.maxfilesize} log4j.appender.RFAS.MaxBackupIndex=${hbase.security.log.maxbackupindex} log4j.appender.RFAS.layout=org.apache.log4j.PatternLayout log4j.appender.RFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n log4j.category.SecurityLogger=${hbase.security.logger} log4j.additivity.SecurityLogger=false log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=INFO log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.visibility.VisibilityController=INFO/ I'm able to see the logs being written to SecurityAuth.audit. But my question is, what configurations should be done to get audit details in log for operations like put, get, delete, table create. -- Sent from: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fapache-hbase.679495.n3.nabble.com%2FHBase-User-f4020416.html&data=02%7C01%7CKoustovN%40dnb.com%7Cea41e014657f4733b21e08d57cf2bc22%7C19e2b708bf12437597198dec42771b3e%7C0%7C0%7C636552304345372779&sdata=7d8vIaKqfvyFowERKzQrZ51yFruDitpbNH2NG9J7TxI%3D&reserved=0
