[
https://issues.apache.org/jira/browse/KNOX-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14316546#comment-14316546
]
Kevin Minder edited comment on KNOX-390 at 2/11/15 5:08 PM:
------------------------------------------------------------
[~andreina], I really want this but I'm concerned about the implications of
changing the format of the audit line from a backward compatibility
perspective. This might be something that deserves a [DISCUSS] thread on the
dev @ knox mailing list.
Further, I'm not sure that the verb should be a first-class attribute. I'm
still debating with myself here. Some background context is that we were once
planning on proposing a general auditing infrastructure to the Hadoop community
and our org.apache.hadoop.gateway.audit.api was the API evolving for that. In
that context we were trying to keep it generic (i.e. transport-agnostic). That
led to handling HTTP-specific things in the message as is currently done here:
https://github.com/apache/knox/blob/master/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java#L144
{code}
auditor.audit(Action.DISPATCH, outboundRequest.getURI().toString(),
ResourceType.URI, ActionOutcome.SUCCESS, RES.responseStatus(statusCode));
{code}
So we need to decide to either be consistent with that or intentionally diverge
towards another goal.
Lastly though, the client IP address is clearly an oversight and should have
been in the original persisted audit record.
> Include client IP and HTTP verb in audit log
> --------------------------------------------
>
> Key: KNOX-390
> URL: https://issues.apache.org/jira/browse/KNOX-390
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Fix For: 0.6.0
>
> Attachments: KNOX-390.1.patch
>
>
> The audit log should include the client's IP address as well as the incoming
> and outgoing HTTP verb.