Thanks for the info. It is really helpful. On Mon, Feb 3, 2020 at 3:42 PM Kevin Risden <[email protected]> wrote:
> No not really. In general, Knox deals in HTTP requests and doesn't know > what is in those requests. There is no parsing in Knox of the actual > request data. A request comes to Knox an then is based through to the > backend. > > In the case of Hive JDBC over HTTP, a single "action" is typically > multiple HTTP requests and aren't correlated easily at Knox. Some examples > of HTTP requests; > * Open connection > * Create statement > * Execute statement > * Get resultset (do this for N number of batches of results) > * Close statement > * Close connection > > All of the above are separate HTTP requests that get passed down to > HiveServer2. Knox doesn't know what the requests mean other than they need > to go to HS2. > > If you are looking for audit for actions taken, you need to get that from > the backend service that knows what action was taken. > > Kevin Risden > > > On Mon, Feb 3, 2020 at 9:15 AM Yunus Durmuş <[email protected]> wrote: > >> Hi everyone, >> >> I would like to log every Hive query that runs via Knox. The audit >> functionality shows that there is some activity by user X, but it does not >> show the action itself. >> When a security incident occurs, I should be able to figure out who >> accesses what and when. >> >> cheers >> yunus >> >>
