[ https://issues.apache.org/jira/browse/HADOOP-3336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593685#action_12593685 ]

Chris Douglas commented on HADOOP-3336:
---------------------------------------

The easiest way to implement this will be by adding a log4j appender that emits 
events from FSNamesystem. This way, it can be turned off by default but 
enabled/configured by administrators. The subset of events should probably be 
restricted to those mapped to DFSClient calls. As a first pass: create 
(startFile), mkdirs, setOwner, setPermission, delete, rename, open 
(getBlockLocations?), getFileStatus, setReplication, and listStatus all look 
like reasonable events to log. For all events, the ugi and path will be logged 
(date/time, etc. should be handled by the appender). For create, mkdirs, 
setOwner, and setPermission, both the ugi and the FsPermission information will 
be logged.

Thoughts? This isn't designed to be a secure audit log, and I'm sure issues 
like HADOOP-1741 will affect the approach to future audit logging, but it 
should provide sufficient information for administrators to manage HDFS.

> Direct a subset of namenode RPC events for audit logging 
> ---------------------------------------------------------
>
>                 Key: HADOOP-3336
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3336
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Chris Douglas
>
> A non-persistent transaction log will permit managers of HDFS installations 
> to monitor and reconstruct user activity in HDFS for forensic analysis and 
> maintenance.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
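
A sketch of the approach proposed in the comment above, added here as an example and not code from the HADOOP-3336 patch or from Hadoop: a log4j 1.x logger that stays silent unless an administrator enables it at INFO, and that records ugi, command and path, plus permission information for create, mkdirs, setOwner and setPermission. The class name, logger name, field layout and the escaping of control characters in client-supplied values are assumptions; it needs the log4j 1.x jar on the classpath.

```java
import org.apache.log4j.Logger;

/** Hypothetical helper; names and field layout are assumptions, not Hadoop's. */
public final class NameNodeAudit {
    // Assumed logger name. Set its level to WARN in log4j.properties to keep auditing off.
    private static final Logger AUDIT = Logger.getLogger("example.FSNamesystem.audit");

    private NameNodeAudit() {}

    /** Events without permission information (delete, rename, open, listStatus, ...). */
    public static void log(String ugi, String cmd, String path) {
        log(ugi, cmd, path, null);
    }

    /** create, mkdirs, setOwner and setPermission also pass the permission information. */
    public static void log(String ugi, String cmd, String path, String perm) {
        if (!AUDIT.isInfoEnabled()) {
            return; // auditing disabled: no string building on the RPC path
        }
        AUDIT.info(format(ugi, cmd, path, perm)); // date/time is added by the appender layout
    }

    static String format(String ugi, String cmd, String path, String perm) {
        return "ugi=" + clean(ugi) + "\tcmd=" + clean(cmd)
             + "\tpath=" + clean(path) + "\tperm=" + clean(perm);
    }

    /** Escape control characters so a client-chosen value stays on one line, in one field. */
    static String clean(String s) {
        if (s == null) return "null";
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\') sb.append("\\\\");
            else if (c < 0x20 || c == 0x7f) sb.append(String.format("\\x%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; the path contains a newline to show the escaping.
        System.out.println(format("alice,users", "mkdirs", "/user/alice/a\nb", "alice:users:rwxr-xr-x"));
        System.out.println(format("bob,staff", "delete", "/tmp/old", null));
    }
}
```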
