This is an automated email from the ASF dual-hosted git repository. qiaojialin pushed a commit to branch add_audit_log in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
commit 795a75fcf2aa8f534ab13069ec3334f02edaddf4 Author: qiaojialin <[email protected]> AuthorDate: Tue Jun 16 16:02:41 2020 +0800 add audit log --- server/src/assembly/resources/conf/logback.xml | 21 ++++++++++++++ .../org/apache/iotdb/db/conf/IoTDBConstant.java | 2 ++ .../org/apache/iotdb/db/service/TSServiceImpl.java | 32 ++++++++++++++-------- 3 files changed, 44 insertions(+), 11 deletions(-) diff --git a/server/src/assembly/resources/conf/logback.xml b/server/src/assembly/resources/conf/logback.xml index fc8a179..7121876 100644 --- a/server/src/assembly/resources/conf/logback.xml +++ b/server/src/assembly/resources/conf/logback.xml @@ -170,6 +170,24 @@ <level>INFO</level> </filter> </appender> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT"> + <file>${IOTDB_HOME}/logs/log_audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${IOTDB_HOME}/logs/log-audit-%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>50MB</maxFileSize> + <maxBackupIndex>50</maxBackupIndex> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + <append>true</append> + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <pattern>%d [%t] %-5p %C:%L - %m %n</pattern> + <charset>utf-8</charset> + </encoder> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + </appender> <root level="info"> <appender-ref ref="FILEDEBUG"/> <appender-ref ref="FILEWARN"/> @@ -183,4 +201,7 @@ <logger level="info" name="org.apache.iotdb.db.sync"> <appender-ref ref="SYNC"/> </logger> + <logger level="info" name="IoTDB_AUDIT_LOGGER"> + <appender-ref ref="AUDIT"/> + </logger> </configuration> diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java index 836afbd..2373f0d 100644 --- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java +++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java @@ -28,6 +28,8 @@ public class IoTDBConstant { public static final String GLOBAL_DB_NAME = "IoTDB"; public static final String VERSION = "0.10.0-SNAPSHOT"; + public static final String AUDIT_LOGGER_NAME = "IoTDB_AUDIT_LOGGER"; + public static final String IOTDB_JMX_PORT = "iotdb.jmx.port"; public static final String IOTDB_PACKAGE = "org.apache.iotdb.service"; diff --git a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java index 11e3ac3..114a521 100644 --- a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java +++ b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java @@ -118,6 +118,7 @@ import org.slf4j.LoggerFactory; */ public class TSServiceImpl implements TSIService.Iface, ServerContext { + private static final Logger auditLogger = LoggerFactory.getLogger(IoTDBConstant.AUDIT_LOGGER_NAME); private static final Logger logger = LoggerFactory.getLogger(TSServiceImpl.class); private static final String INFO_NOT_LOGIN = "{}: Not login."; private static final int MAX_SIZE = @@ -162,11 +163,6 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { @Override public TSOpenSessionResp openSession(TSOpenSessionReq req) throws TException { - logger.info( - "{}: receive open session request from username {}", - IoTDBConstant.GLOBAL_DB_NAME, - req.getUsername()); - boolean status; IAuthorizer authorizer; try { @@ -206,6 +202,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { tsStatus = RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD_ERROR); tsStatus.setMessage(loginMessage); } + auditLogger.info("User {} opens Session-{}", req.getUsername(), sessionId); TSOpenSessionResp resp = new TSOpenSessionResp(tsStatus, TSProtocolVersion.IOTDB_SERVICE_PROTOCOL_V2); resp.setSessionId(sessionId); @@ -222,8 +219,8 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { @Override public TSStatus closeSession(TSCloseSessionReq req) { - logger.info("{}: receive close session", IoTDBConstant.GLOBAL_DB_NAME); - long sessionId = currSessionId.get(); + long sessionId = req.getSessionId(); + auditLogger.info("Session-{} is closing", sessionId); currSessionId.remove(); TSStatus tsStatus; @@ -249,6 +246,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { } } } + if (!exceptions.isEmpty()) { return new TSStatus( RpcUtils.getStatus( @@ -268,11 +266,12 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { @Override public TSStatus closeOperation(TSCloseOperationReq req) { - if (logger.isDebugEnabled()) { - logger.debug("{}: receive close operation", IoTDBConstant.GLOBAL_DB_NAME); - } + if (auditLogger.isDebugEnabled()) { + auditLogger.debug("{}: receive close operation from Session {}", IoTDBConstant.GLOBAL_DB_NAME, + currSessionId.get()); + } if (!checkLogin(req.getSessionId())) { - logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME); + auditLogger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME); return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR); } try { @@ -526,6 +525,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { */ private TSExecuteStatementResp internalExecuteQueryStatement(String statement, long statementId, PhysicalPlan plan, int fetchSize, String username) { + auditLogger.info("Session {} execute Query: {}", currSessionId.get(), statement); long startTime = System.currentTimeMillis(); long queryId = -1; try { @@ -1061,6 +1061,10 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { @Override public TSExecuteBatchStatementResp insertRecords(TSInsertRecordsReq req) { TSExecuteBatchStatementResp resp = new TSExecuteBatchStatementResp(); + auditLogger + .debug("Session {} insertRecords, first device {}, first time {}", currSessionId.get(), + req.deviceIds.get(0), req.getTimestamps().get(0)); + if (!checkLogin(req.getSessionId())) { logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME); resp.addToStatusList(RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR)); @@ -1119,6 +1123,9 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { @Override public TSStatus insertRecord(TSInsertRecordReq req) { try { + auditLogger + .info("Session {} insertRecord, device {}, time {}", currSessionId.get(), + req.getDeviceId(), req.getTimestamp()); if (!checkLogin(req.getSessionId())) { logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME); return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR); @@ -1315,6 +1322,7 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { return RpcUtils.getStatus(TSStatusCode.NOT_LOGIN_ERROR); } + auditLogger.info("Session-{} create timeseries {}", currSessionId.get(), req.getPath()); TSStatus status = checkPathValidity(req.path); if (status != null) { return status; @@ -1337,6 +1345,8 @@ public class TSServiceImpl implements TSIService.Iface, ServerContext { logger.info(INFO_NOT_LOGIN, IoTDBConstant.GLOBAL_DB_NAME); return RpcUtils.getTSBatchExecuteStatementResp(TSStatusCode.NOT_LOGIN_ERROR); } + auditLogger.info("Session-{} create multi timeseries, first is {}", currSessionId.get(), + req.getPaths().get(0)); List<TSStatus> statusList = new ArrayList<>(req.paths.size()); for (int i = 0; i < req.paths.size(); i++) { CreateTimeSeriesPlan plan = new CreateTimeSeriesPlan(new Path(req.getPaths().get(i)),
