[
https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16458567#comment-16458567
]
Jason Brown commented on CASSANDRA-12151:
-----------------------------------------
After rereading this patch, I've merged the FQL and AuditLog code paths as they
do the same thing from the outside: record user-initiated events. To that end,
I've moved the management of {{FullQueryLogger}} under {{AuditLogManager}},
thus making {{AuditLogManager}} the hub for logging these actions. Further,
instead of {{BinAuditLogger}} inherit from {{FullQueryLogger}} (which never
felt quite right), I've pulled the shared componentry into a base class
({{BinLogAuditLogger}}), and {{BinAuditLogger}} / {{FullQueryLogger}} inherit
from that.
I refactored {{AuditLogEntry}} to use the builder pattern for construction as
all the {{static #getLogEntry()}} with the {{set*()}} methods was rather
confusing. Further, we're using the builder pattern elsewhere in the code.
{{#toString()}} is typically used for debugging, so I'd prefer a different
method name - I used {{#getLogString()}}. If you want the debug dump to have
the same output, you can have {{toString()}} call that renamed function.
We need an extra filter in {{AuditLogManager#log(AuditLogEntry)}} to make sure
we don't send unintended messages to FQL. Can you figure out what that is? I'm
not sure if we can simply use the entry's {{AuditLogEntryType}} or the type's
category.
Why did you remove the reloadFilters functionality?
I feel like the {{category}} in AuditLogEntryType should be an enum, as well.
wdyt?
I haven't looked at the circleci results yet for utests/dtests, but let's make
sure this is right path forward first.
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt, CASSANDRA_12151-benchmark.html,
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done
> on our server.
> It should show username, remote address, timestamp, action type, keyspace,
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting
> a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
