[
https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418918#comment-16418918
]
Stefan Podkowinski commented on CASSANDRA-12151:
------------------------------------------------
I'd not use the logback logger for query logging in production. As shown
recently in CASSANDRA-14318, the performance impact is significant and your
benchmark results show that as well. Rotating out log files by simply deleting
them is probably also not what you'd expect from a auditing solution. But maybe
we can keep the logback logger for some simple auth related logging and make it
also useful for users who would not enable auditing in first place. How about
enabling the {{FileAuditLogger}} by default and let it create an {{auth.log}},
which would log all failed login attempts? Maybe add a comment on how to enable
successful attempts as well.
Looks like this won't be possible with the current {{included_categories}}
filtering, which is based on the DDL, DML, .. categories. I'd suggest to make
the filter work for both the category and actual AuditLogEntryType (SELECT,
UPDATE, DELETE,..).
Full query logging should be done using the BinLogger or a custom
implementation. It would be nice to be able to use mutliple implementations in
parallel, in case we want to enable FileAuditLogger by default.
NIT: check logger.isEnabled before toString in FileAuditLogger
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt, CASSANDRA_12151-benchmark.html,
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done
> on our server.
> It should show username, remote address, timestamp, action type, keyspace,
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting
> a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
