This is an automated email from the ASF dual-hosted git repository.
haonan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 5f914f014e [IOTDB-3662] upgrade audit log (#8791)
5f914f014e is described below
commit 5f914f014ee6f4aae36bfd9d25ffe83204ab2444
Author: Zhijia Cao <[email protected]>
AuthorDate: Mon Jan 9 16:53:33 2023 +0800
[IOTDB-3662] upgrade audit log (#8791)
---
.../apache/iotdb/db/audit/AuditLogOperation.java | 31 +++
.../org/apache/iotdb/db/audit/AuditLogStorage.java | 29 +++
.../org/apache/iotdb/db/audit/AuditLogger.java | 236 +++++++++++++++++++++
.../java/org/apache/iotdb/db/conf/IoTDBConfig.java | 48 +++++
.../iotdb/db/query/control/SessionManager.java | 45 ++--
.../query/control/clientsession/ClientSession.java | 2 +-
.../service/thrift/impl/ClientRPCServiceImpl.java | 117 +++++++++-
7 files changed, 490 insertions(+), 18 deletions(-)
diff --git
a/server/src/main/java/org/apache/iotdb/db/audit/AuditLogOperation.java
b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogOperation.java
new file mode 100644
index 0000000000..057f0589ba
--- /dev/null
+++ b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogOperation.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.audit;
+
+public enum AuditLogOperation {
+ DDL,
+ DML,
+ QUERY,
+ NULL;
+
+ @Override
+ public String toString() {
+ return name();
+ }
+}
diff --git
a/server/src/main/java/org/apache/iotdb/db/audit/AuditLogStorage.java
b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogStorage.java
new file mode 100644
index 0000000000..1645a72913
--- /dev/null
+++ b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogStorage.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.audit;
+
+public enum AuditLogStorage {
+ IOTDB,
+ LOGGER;
+
+ @Override
+ public String toString() {
+ return name();
+ }
+}
diff --git a/server/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java
b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java
new file mode 100644
index 0000000000..a407bd7b35
--- /dev/null
+++ b/server/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java
@@ -0,0 +1,236 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.audit;
+
+import org.apache.iotdb.commons.conf.IoTDBConstant;
+import org.apache.iotdb.commons.exception.IllegalPathException;
+import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.conf.IoTDBConfig;
+import org.apache.iotdb.db.conf.IoTDBDescriptor;
+import org.apache.iotdb.db.exception.query.QueryProcessException;
+import org.apache.iotdb.db.mpp.plan.Coordinator;
+import org.apache.iotdb.db.mpp.plan.analyze.ClusterPartitionFetcher;
+import org.apache.iotdb.db.mpp.plan.statement.Statement;
+import org.apache.iotdb.db.mpp.plan.statement.StatementType;
+import org.apache.iotdb.db.mpp.plan.statement.crud.InsertRowStatement;
+import org.apache.iotdb.db.query.control.SessionManager;
+import org.apache.iotdb.db.query.control.clientsession.ClientSession;
+import org.apache.iotdb.db.query.control.clientsession.IClientSession;
+import org.apache.iotdb.db.utils.DateTimeUtils;
+import org.apache.iotdb.rpc.IoTDBConnectionException;
+import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType;
+import org.apache.iotdb.tsfile.utils.Binary;
+
+import org.jetbrains.annotations.NotNull;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+
+import static org.apache.iotdb.db.sync.pipedata.load.ILoader.SCHEMA_FETCHER;
+
+public class AuditLogger {
+ private static final Logger logger =
LoggerFactory.getLogger(AuditLogger.class);
+ private static final Logger AUDIT_LOGGER =
+ LoggerFactory.getLogger(IoTDBConstant.AUDIT_LOGGER_NAME);
+
+ private static final String LOG = "log";
+ private static final String USERNAME = "username";
+ private static final String ADDRESS = "address";
+ private static final String AUDIT_LOG_DEVICE = "root.__system.audit._%s";
+ private static final Coordinator COORDINATOR = Coordinator.getInstance();
+ private static final IoTDBConfig config =
IoTDBDescriptor.getInstance().getConfig();
+ private static final List<AuditLogStorage> auditLogStorageList =
config.getAuditLogStorage();
+
+ private static final List<AuditLogOperation> auditLogOperationList =
+ config.getAuditLogOperation();
+
+ private static final SessionManager SESSION_MANAGER =
SessionManager.getInstance();
+
+ private AuditLogger() {}
+
+ @NotNull
+ private static InsertRowStatement generateInsertStatement(
+ String log, String address, String username)
+ throws IoTDBConnectionException, IllegalPathException,
QueryProcessException {
+ InsertRowStatement insertStatement = new InsertRowStatement();
+ insertStatement.setDevicePath(new
PartialPath(String.format(AUDIT_LOG_DEVICE, username)));
+ insertStatement.setTime(DateTimeUtils.currentTime());
+ insertStatement.setMeasurements(new String[] {LOG, USERNAME, ADDRESS});
+ insertStatement.setAligned(false);
+ insertStatement.setValues(
+ new Object[] {new Binary(log), new Binary(username), new
Binary(address)});
+ insertStatement.setDataTypes(
+ new TSDataType[] {TSDataType.TEXT, TSDataType.TEXT, TSDataType.TEXT});
+ return insertStatement;
+ }
+
+ public static void log(String log, Statement statement) {
+ AuditLogOperation operation = judgeLogOperation(statement.getType());
+ IClientSession currSession = SessionManager.getInstance().getCurrSession();
+ String username = "";
+ String address = "";
+ if (currSession != null) {
+ ClientSession clientSession = (ClientSession) currSession;
+ String clientAddress = clientSession.getClientAddress();
+ int clientPort = ((ClientSession) currSession).getClientPort();
+ address = String.format("%s:%s", clientAddress, clientPort);
+ username = currSession.getUsername();
+ }
+
+ if (auditLogOperationList.contains(operation)) {
+ if (auditLogStorageList.contains(AuditLogStorage.IOTDB)) {
+ try {
+ COORDINATOR.execute(
+ generateInsertStatement(log, address, username),
+ SESSION_MANAGER.requestQueryId(),
+ SESSION_MANAGER.getSessionInfo(SESSION_MANAGER.getCurrSession()),
+ "",
+ ClusterPartitionFetcher.getInstance(),
+ SCHEMA_FETCHER);
+ } catch (IllegalPathException | IoTDBConnectionException |
QueryProcessException e) {
+ logger.error("write audit log series error,", e);
+ }
+ }
+ if (auditLogStorageList.contains(AuditLogStorage.LOGGER)) {
+ AUDIT_LOGGER.info("user:{},address:{},log:{}", username, address, log);
+ }
+ }
+ }
+
+ public static void log(String log, Statement statement, boolean isNativeApi)
{
+ if (isNativeApi) {
+ if (config.isEnableAuditLogForNativeInsertApi()) {
+ log(log, statement);
+ }
+ } else {
+ log(log, statement);
+ }
+ }
+
+ private static AuditLogOperation judgeLogOperation(StatementType type) {
+ switch (type) {
+ case AUTHOR:
+ case CREATE_USER:
+ case DELETE_USER:
+ case MODIFY_PASSWORD:
+ case GRANT_USER_PRIVILEGE:
+ case REVOKE_USER_PRIVILEGE:
+ case GRANT_USER_ROLE:
+ case REVOKE_USER_ROLE:
+ case CREATE_ROLE:
+ case DELETE_ROLE:
+ case GRANT_ROLE_PRIVILEGE:
+ case REVOKE_ROLE_PRIVILEGE:
+ case GRANT_WATERMARK_EMBEDDING:
+ case REVOKE_WATERMARK_EMBEDDING:
+ case SET_STORAGE_GROUP:
+ case DELETE_STORAGE_GROUP:
+ case CREATE_TIMESERIES:
+ case CREATE_ALIGNED_TIMESERIES:
+ case CREATE_MULTI_TIMESERIES:
+ case DELETE_TIMESERIES:
+ case ALTER_TIMESERIES:
+ case CHANGE_ALIAS:
+ case CHANGE_TAG_OFFSET:
+ case CREATE_FUNCTION:
+ case DROP_FUNCTION:
+ case CREATE_INDEX:
+ case DROP_INDEX:
+ case QUERY_INDEX:
+ case CREATE_TRIGGER:
+ case DROP_TRIGGER:
+ case CREATE_TEMPLATE:
+ case SET_TEMPLATE:
+ case MERGE:
+ case FULL_MERGE:
+ case MNODE:
+ case MEASUREMENT_MNODE:
+ case STORAGE_GROUP_MNODE:
+ case AUTO_CREATE_DEVICE_MNODE:
+ case TTL:
+ case FLUSH:
+ case CLEAR_CACHE:
+ case DELETE_PARTITION:
+ case LOAD_CONFIGURATION:
+ case CREATE_SCHEMA_SNAPSHOT:
+ case CREATE_CONTINUOUS_QUERY:
+ case DROP_CONTINUOUS_QUERY:
+ case SET_SYSTEM_MODE:
+ case UNSET_TEMPLATE:
+ case PRUNE_TEMPLATE:
+ case APPEND_TEMPLATE:
+ case DROP_TEMPLATE:
+ case CREATE_PIPESINK:
+ case DROP_PIPESINK:
+ case CREATE_PIPE:
+ case START_PIPE:
+ case STOP_PIPE:
+ case DROP_PIPE:
+ case DEACTIVATE_TEMPLATE:
+ return AuditLogOperation.DDL;
+ case LOAD_DATA:
+ case INSERT:
+ case BATCH_INSERT:
+ case BATCH_INSERT_ROWS:
+ case BATCH_INSERT_ONE_DEVICE:
+ case MULTI_BATCH_INSERT:
+ case DELETE:
+ case SELECT_INTO:
+ case LOAD_FILES:
+ case REMOVE_FILE:
+ case UNLOAD_FILE:
+ case ACTIVATE_TEMPLATE:
+ case SETTLE:
+ case INTERNAL_CREATE_TIMESERIES:
+ return AuditLogOperation.DML;
+ case LIST_USER:
+ case LIST_ROLE:
+ case LIST_USER_PRIVILEGE:
+ case LIST_ROLE_PRIVILEGE:
+ case LIST_USER_ROLES:
+ case LIST_ROLE_USERS:
+ case QUERY:
+ case LAST:
+ case GROUP_BY_TIME:
+ case GROUP_BY_FILL:
+ case AGGREGATION:
+ case FILL:
+ case UDAF:
+ case UDTF:
+ case SHOW:
+ case SHOW_MERGE_STATUS:
+ case KILL:
+ case TRACING:
+ case SHOW_CONTINUOUS_QUERIES:
+ case SHOW_SCHEMA_TEMPLATE:
+ case SHOW_NODES_IN_SCHEMA_TEMPLATE:
+ case SHOW_PATH_SET_SCHEMA_TEMPLATE:
+ case SHOW_PATH_USING_SCHEMA_TEMPLATE:
+ case SHOW_QUERY_RESOURCE:
+ case FETCH_SCHEMA:
+ case COUNT:
+ case SHOW_TRIGGERS:
+ return AuditLogOperation.QUERY;
+ default:
+ logger.error("Unrecognizable operator type ({}) for audit log", type);
+ return AuditLogOperation.NULL;
+ }
+ }
+}
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
index 0d33a52f1e..0268ff12a5 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
@@ -22,6 +22,8 @@ import org.apache.iotdb.common.rpc.thrift.TEndPoint;
import
org.apache.iotdb.commons.client.property.ClientPoolProperty.DefaultProperty;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.consensus.ConsensusFactory;
+import org.apache.iotdb.db.audit.AuditLogOperation;
+import org.apache.iotdb.db.audit.AuditLogStorage;
import org.apache.iotdb.db.conf.directories.DirectoryManager;
import
org.apache.iotdb.db.engine.compaction.execute.performer.constant.CrossCompactionPerformer;
import
org.apache.iotdb.db.engine.compaction.execute.performer.constant.InnerSeqCompactionPerformer;
@@ -1052,6 +1054,20 @@ public class IoTDBConfig {
private long dataRatisLogMax = 20L * 1024 * 1024 * 1024; // 20G
private long schemaRatisLogMax = 2L * 1024 * 1024 * 1024; // 2G
+ /** whether to enable the audit log * */
+ private boolean enableAuditLog = false;
+
+ /** Output location of audit logs * */
+ private List<AuditLogStorage> auditLogStorage =
+ Arrays.asList(AuditLogStorage.IOTDB, AuditLogStorage.LOGGER);
+
+ /** Indicates the category collection of audit logs * */
+ private List<AuditLogOperation> auditLogOperation =
+ Arrays.asList(AuditLogOperation.DML, AuditLogOperation.DDL,
AuditLogOperation.QUERY);
+
+ /** whether the local write api records audit logs * */
+ private boolean enableAuditLogForNativeInsertApi = true;
+
// customizedProperties, this should be empty by default.
private Properties customizedProperties = new Properties();
@@ -3615,4 +3631,36 @@ public class IoTDBConfig {
public void setEnableCompactionValidation(boolean
enableCompactionValidation) {
this.enableCompactionValidation = enableCompactionValidation;
}
+
+ public boolean isEnableAuditLog() {
+ return enableAuditLog;
+ }
+
+ public void setEnableAuditLog(boolean enableAuditLog) {
+ this.enableAuditLog = enableAuditLog;
+ }
+
+ public List<AuditLogStorage> getAuditLogStorage() {
+ return auditLogStorage;
+ }
+
+ public void setAuditLogStorage(List<AuditLogStorage> auditLogStorage) {
+ this.auditLogStorage = auditLogStorage;
+ }
+
+ public List<AuditLogOperation> getAuditLogOperation() {
+ return auditLogOperation;
+ }
+
+ public void setAuditLogOperation(List<AuditLogOperation> auditLogOperation) {
+ this.auditLogOperation = auditLogOperation;
+ }
+
+ public boolean isEnableAuditLogForNativeInsertApi() {
+ return enableAuditLogForNativeInsertApi;
+ }
+
+ public void setEnableAuditLogForNativeInsertApi(boolean
enableAuditLogForNativeInsertApi) {
+ this.enableAuditLogForNativeInsertApi = enableAuditLogForNativeInsertApi;
+ }
}
diff --git
a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
index d5bb66d2cd..4fd13c04d5 100644
--- a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
@@ -21,9 +21,13 @@ package org.apache.iotdb.db.query.control;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.service.JMXService;
+import org.apache.iotdb.db.audit.AuditLogger;
import org.apache.iotdb.db.auth.AuthorizerManager;
+import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.conf.OperationType;
import org.apache.iotdb.db.mpp.common.SessionInfo;
+import org.apache.iotdb.db.mpp.plan.statement.StatementType;
+import org.apache.iotdb.db.mpp.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.db.query.control.clientsession.IClientSession;
import org.apache.iotdb.db.service.basic.BasicOpenSessionResp;
import org.apache.iotdb.rpc.RpcUtils;
@@ -66,9 +70,14 @@ public class SessionManager implements SessionManagerMBean {
// The statementId is unique in one IoTDB instance.
private final AtomicLong statementIdGenerator = new AtomicLong();
+ private static final AuthorStatement AUTHOR_STATEMENT = new
AuthorStatement(StatementType.AUTHOR);
+
public static final TSProtocolVersion CURRENT_RPC_VERSION =
TSProtocolVersion.IOTDB_SERVICE_PROTOCOL_V3;
+ private static final boolean enableAuditLog =
+ IoTDBDescriptor.getInstance().getConfig().isEnableAuditLog();
+
protected SessionManager() {
// singleton
String mbeanName =
@@ -110,10 +119,20 @@ public class SessionManager implements
SessionManagerMBean {
openSessionResp.getMessage(),
username,
session);
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "%s: Login status: %s. User : %s, opens Session-%s",
+ IoTDBConstant.GLOBAL_DB_NAME, openSessionResp.getMessage(),
username, session),
+ AUTHOR_STATEMENT);
+ }
}
} else {
- AUDIT_LOGGER.info("User {} opens Session failed with an incorrect
password", username);
-
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format("User %s opens Session failed with an incorrect
password", username),
+ AUTHOR_STATEMENT);
+ }
openSessionResp.sessionId(-1).setMessage(loginStatus.message).setCode(loginStatus.code);
}
@@ -131,13 +150,18 @@ public class SessionManager implements
SessionManagerMBean {
// }
IClientSession session1 = currSession.get();
if (session1 != null && session != session1) {
- AUDIT_LOGGER.error(
- "The client-{} is trying to close another session {}, pls check if
it's a bug",
- session,
- session1);
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "The client-%s is trying to close another session %s, pls
check if it's a bug",
+ session, session1),
+ AUTHOR_STATEMENT);
+ }
return false;
} else {
- AUDIT_LOGGER.info("Session-{} is closing", session);
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("Session-%s is closing", session),
AUTHOR_STATEMENT);
+ }
return true;
}
}
@@ -169,13 +193,6 @@ public class SessionManager implements SessionManagerMBean
{
"Log in failed. Either you are not authorized or the session has
timed out.");
}
- if (AUDIT_LOGGER.isDebugEnabled()) {
- AUDIT_LOGGER.debug(
- "{}: receive close operation from Session {}",
- IoTDBConstant.GLOBAL_DB_NAME,
- currSession.get());
- }
-
try {
if (haveStatementId) {
if (haveSetQueryId) {
diff --git
a/server/src/main/java/org/apache/iotdb/db/query/control/clientsession/ClientSession.java
b/server/src/main/java/org/apache/iotdb/db/query/control/clientsession/ClientSession.java
index 77b0174c3a..c52a27b535 100644
---
a/server/src/main/java/org/apache/iotdb/db/query/control/clientsession/ClientSession.java
+++
b/server/src/main/java/org/apache/iotdb/db/query/control/clientsession/ClientSession.java
@@ -44,7 +44,7 @@ public class ClientSession extends IClientSession {
}
@Override
- int getClientPort() {
+ public int getClientPort() {
return clientSocket.getPort();
}
diff --git
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/ClientRPCServiceImpl.java
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/ClientRPCServiceImpl.java
index 6bd5294f8a..574c35795f 100644
---
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/ClientRPCServiceImpl.java
+++
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/ClientRPCServiceImpl.java
@@ -27,6 +27,7 @@ import org.apache.iotdb.commons.service.metric.MetricService;
import org.apache.iotdb.commons.service.metric.enums.Metric;
import org.apache.iotdb.commons.service.metric.enums.Tag;
import org.apache.iotdb.commons.utils.PathUtils;
+import org.apache.iotdb.db.audit.AuditLogger;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
@@ -145,6 +146,8 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
private static final TSProtocolVersion CURRENT_RPC_VERSION =
TSProtocolVersion.IOTDB_SERVICE_PROTOCOL_V3;
+ private static final boolean enableAuditLog = config.isEnableAuditLog();
+
private final IPartitionFetcher PARTITION_FETCHER;
private final ISchemaFetcher SCHEMA_FETCHER;
@@ -204,6 +207,10 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
}
statementType = s.getType();
+ if (enableAuditLog) {
+ AuditLogger.log(statement, s);
+ }
+
queryId =
SESSION_MANAGER.requestQueryId(SESSION_MANAGER.getCurrSession(),
req.statementId);
// create and cache dataset
ExecutionResult result =
@@ -273,6 +280,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getTSExecuteStatementResp(status);
}
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("execute Raw Data Query: %s", req), s);
+ }
queryId =
SESSION_MANAGER.requestQueryId(SESSION_MANAGER.getCurrSession(),
req.statementId);
// create and cache dataset
ExecutionResult result =
@@ -336,6 +346,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getTSExecuteStatementResp(status);
}
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("Last Data Query: %s", req), s);
+ }
queryId =
SESSION_MANAGER.requestQueryId(SESSION_MANAGER.getCurrSession(),
req.statementId);
// create and cache dataset
ExecutionResult result =
@@ -570,6 +583,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: Create SetStorageGroupStatement
SetStorageGroupStatement statement =
(SetStorageGroupStatement)
StatementGenerator.createStatement(storageGroup);
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("create database %s", storageGroup),
statement);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -609,7 +625,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from TSCreateTimeseriesReq to Statement
CreateTimeSeriesStatement statement =
(CreateTimeSeriesStatement) StatementGenerator.createStatement(req);
-
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("create timeseries %s", req.getPath()),
statement);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -653,7 +671,12 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from CreateAlignedTimeSeriesReq to Statement
CreateAlignedTimeSeriesStatement statement =
(CreateAlignedTimeSeriesStatement)
StatementGenerator.createStatement(req);
-
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "create aligned timeseries %s.%s", req.getPrefixPath(),
req.getMeasurements()),
+ statement);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -695,7 +718,13 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from CreateMultiTimeSeriesReq to Statement
CreateMultiTimeSeriesStatement statement =
(CreateMultiTimeSeriesStatement)
StatementGenerator.createStatement(req);
-
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "create %s timeseries, the first is %s",
+ req.getPaths().size(), req.getPaths().get(0)),
+ statement);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -772,6 +801,10 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
DeleteStorageGroupStatement statement =
(DeleteStorageGroupStatement)
StatementGenerator.createStatement(storageGroups);
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("delete databases: %s", storageGroups),
statement);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -837,6 +870,10 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return status;
}
+ if (enableAuditLog) {
+ AuditLogger.log(statement, s);
+ }
+
long queryId = SESSION_MANAGER.requestQueryId();
type = s.getType();
// create and cache dataset
@@ -948,6 +985,15 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertRecords, first device %s, first time %s",
+ req.prefixPaths.get(0), req.getTimestamps().get(0)),
+ statement,
+ true);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1000,6 +1046,15 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertRecords, first device %s, first time %s",
+ req.prefixPath, req.getTimestamps().get(0)),
+ statement,
+ true);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1052,6 +1107,14 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertRecords, first device %s, first time %s",
+ req.prefixPath, req.getTimestamps().get(0)),
+ statement,
+ true);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1104,6 +1167,14 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertRecord, device %s, time %s", req.getPrefixPath(),
req.getTimestamp()),
+ statement,
+ true);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1251,6 +1322,15 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertRecords, first device %s, first time %s",
+ req.prefixPaths.get(0), req.getTimestamps().get(0)),
+ statement,
+ true);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1384,6 +1464,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from TSCreateSchemaTemplateReq to Statement
CreateSchemaTemplateStatement statement =
StatementGenerator.createStatement(req);
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("create schema template %s",
req.getName()), statement);
+ }
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1475,6 +1558,9 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return resp;
}
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("execute Query: %s", statement),
statement);
+ }
long queryId = SESSION_MANAGER.requestQueryId();
// create and cache dataset
ExecutionResult executionResult =
@@ -1538,6 +1624,12 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from TSCreateSchemaTemplateReq to Statement
SetSchemaTemplateStatement statement =
StatementGenerator.createStatement(req);
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format("set schema template %s.%s", req.getTemplateName(),
req.getPrefixPath()),
+ statement);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1575,6 +1667,13 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from TSCreateSchemaTemplateReq to Statement
UnsetSchemaTemplateStatement statement =
StatementGenerator.createStatement(req);
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "unset schema template %s from %s", req.getTemplateName(),
req.getPrefixPath()),
+ statement);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1612,6 +1711,10 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
// Step 1: transfer from TSCreateSchemaTemplateReq to Statement
DropSchemaTemplateStatement statement =
StatementGenerator.createStatement(req);
+ if (enableAuditLog) {
+ AuditLogger.log(String.format("drop schema template %s",
req.getTemplateName()), statement);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
@@ -1681,6 +1784,14 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
InsertRowStatement statement = (InsertRowStatement)
StatementGenerator.createStatement(req);
+ if (enableAuditLog) {
+ AuditLogger.log(
+ String.format(
+ "insertStringRecord, device %s, time %s", req.getPrefixPath(),
req.getTimestamp()),
+ statement,
+ true);
+ }
+
// permission check
TSStatus status =
AuthorityChecker.checkAuthority(statement,
SESSION_MANAGER.getCurrSession());
