[
https://issues.apache.org/jira/browse/KAFKA-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14625176#comment-14625176
]
Parth Brahmbhatt commented on KAFKA-2162:
-----------------------------------------
[~gwenshap] [~harsha_ch]
I don't completely agree with the need to audit session/connection establishments
and termination. In a secure system with authorization, connecting/establishing
a session with a server does not buy a client anything unless they have
authorization on operations, so auditing those events doesn't seem to be useful to
me. DDoSing based on authentication seems a different story and I don't think
auditing can really help much in that situation; we should rather rely on
quotas to prevent something like that from happening to begin with.

Ticket renewals: Given the server is going to use keytabs (or should use
keytabs) I think this is also not very useful, but I know very little about
Kerberos and it never ceases to surprise me, so maybe we do need this.

If we want to audit anything more than the authorizer operations we will have
to provide a pluggable auditor just like the authorizer, which means another config
and another interface.
> Kafka Auditing functionality
> ----------------------------
>
> Key: KAFKA-2162
> URL: https://issues.apache.org/jira/browse/KAFKA-2162
> Project: Kafka
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Assignee: Parth Brahmbhatt
>
> During the Kafka authorization discussion thread, there were concerns raised
> about not having auditing. Auditing is important functionality but it's not
> part of the authorizer. This JIRA will track adding audit functionality to Kafka.