Vinay Chella commented on CASSANDRA-12151:

Thanks everyone for your inputs. I am trying to summarize the discussion here 
so that I can take action items and either incorporate in this patch or create 
separate JIRAs to track.

1. Simple and incremental approach
2. Reuse the BinLog/ Chronicle work that is put in CASSANDRA-13983 so that we 
don't duplicate efforts and achieve asynchronous, efficient logging
3. Provide context needed in AuditLogger interfaces so that we could have 
various implementations based on logging needs (e.g., more information to log, 
4. Filter/ whitelist users for AuditLog events.
5. Pluggable component that we can fit into the client-facing netty pipeline
6. Code review comments from Dinesh and Jaydeepkumar 
7. Auditlog to log percentage of queries instead of logging every query

I am currently working on #2, #3, #4 and #6. I will gather more data on #5, #7 
and create separate JIRAs as needed. To satisfy #1, we are trying best to get 
the simple version(simple/ basic configs) out, take feedback and improve on in 
later versions/ patches.

I am also planning to stress test this patch and publish numbers with and 
without AuditLog so that user knows the cost of this feature.

Short story: Everyone wants C* audit logging, but we also know it has a 
non-trivial cost in terms of performance (not a free lunch). The debate is 
around what level of details should go in the log, what should be configurable, 
which can be addressed with #1 approach (incremental approach). However, 
design(Interface level details) feedback and redundant 
efforts(BinLog/Chronicle) are being addressed in this patch.

Hope this summary helps. Please let me know if I am missing something important.

> Audit logging for database activity
> -----------------------------------
>                 Key: CASSANDRA-12151
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: stefan setyadi
>            Assignee: Vinay Chella
>            Priority: Major
>             Fix For: 4.x
>         Attachments: 12151.txt, 
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
> we would like a way to enable cassandra to log database activity being done 
> on our server.
> It should show username, remote address, timestamp, action type, keyspace, 
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the 
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every 
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting 
> a specific keyspace and column family.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to