Vinay Shukla created HADOOP-10569:
-------------------------------------
Summary: Normalize Hadoop Audit Logs
Key: HADOOP-10569
URL: https://issues.apache.org/jira/browse/HADOOP-10569
Project: Hadoop Common
Issue Type: Improvement
Components: security
Reporter: Vinay Shukla
It will be very useful to normalized the audit format across various Hadoop
components.
A common audit format will help both tools understand the audit record
consistenlty across sub-projects and will be easier for humans.
If a new common audit format is devised it will be useful to consider the 7 W's
of audit
1. What Action & with What Results - E.g What was done, action initiated, API
invoked, Job Submitted and etc. - What were the results (success, failure etc)
2. Who - E.g User, Proxy User (If available), IP Address (if available)
3. When - Timestamp,
4. Where - What subsystem, component, node name
5. Why : Now why is difficult to answer. However with Audit event correction we
can provide better context. E.g A user submitted PIG script that results in
some MR jobs and HDFS read/writes can be correlated.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
