[jira] [Commented] (EAGLE-14) Re-assemble high level hdfs commands for better policy

Fri, 20 Nov 2015 13:53:59 -0800 

    [ 
https://issues.apache.org/jira/browse/EAGLE-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018874#comment-15018874
 ] 

Edward Zhang commented on EAGLE-14:
-----------------------------------

This is reverse engineering to get what is the user command by analyzing 
patterns of fine-grained hdfs commands. Formally, one user command may 
generates multiple hdfs audit events, for example cmd1 -> {e1->e2->e3}. Eagle 
analyzes the pattern of e1->e2->e3 and figure out the user command is cmd1.

This approach is good and gracefully supported by Siddhi pattern match. But it 
still has some issues as follows.

1. a ->  b does not mean b -> a. a is a sufficiency for b for not a necessity, 
for example
    cmd1 -> {e1->e2->e3}
    cmd2 -> {e1->e2->e3}  
   Here we can't conclude it is cmd1 or cmd2 just by looking at the pattern 
"e1->e2->e3"

2. inclusive ambiguity, for example given a list of hdfs audit events 
e1->e2->e3->e4
    cmd1 -> {e1->e2>e3->e4}
    cmd2 -> {e2->e3}
  Here we will emit 2 commands because e2->e3 appears in 2 patterns, but that 
should be only cmd1

But fortunately we don't have too many ambiguity. I will implement that
    

> Re-assemble high level hdfs commands for better policy
> ------------------------------------------------------
>
>                 Key: EAGLE-14
>                 URL: https://issues.apache.org/jira/browse/EAGLE-14
>             Project: Eagle
>          Issue Type: Improvement
>            Reporter: Edward Zhang
>            Assignee: Edward Zhang
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> User today can use Eagle to create policy against the finest granularity of 
> hdfs command for example getFileInfo, list, delete etc., but that sometimes 
> is not good for defining a policy against a user's native command.
> Hdfs client would interpret user's high level command into multiple fine 
> commands and send those fine commands to Hdfs server which in turn are logged 
> into namenode audit log. For example one copyToLocal high-level command 
> probably involves multiple fine commands like rename, move, delete etc.
> Eagle should have a capability to re-assemble those command in real-time to 
> let user define policy on those high-level commands.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to