[
https://issues.apache.org/jira/browse/KNOX-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364434#comment-16364434
]
Kevin Risden commented on KNOX-1091:
------------------------------------
Thanks [~smore] for taking a look. I did not see a correlation between number
of concurrent requests and duplicated UUIDs. It looks like there is a skew
towards a few UUIDs.
Here is the tail of the last 5 sorted by most duplicated for 1000 total
requests with 100 concurrent connections on Knox 1.0.0.
{noformat}
[knox-1.0.0]$ grep -F access logs/gateway-audit.log | cut -d'|' -f3 | sort |
uniq -c | sort -n | tail -n5
8 a781630c-93b8-48c2-a6fd-aaa428a6bf14
8 f0ab4c10-0dc7-41ef-a27a-9aebe9c8ce58
9 985df820-a82c-4704-b773-016769413cc2
43 b46b3f23-5514-401c-bfee-440790e54b31
95 73e77c01-054b-4063-8fd2-c1a3cabdfe4c{noformat}
So you can see that for the 1000 total requests, the UUID duplicate is
clustered quite strongly around a few UUIDs. This happens basically the same
way for fewer than 100 concurrent connections numbers just end up being smaller.
> Knox Audit Logging - duplicate correlation ids
> ----------------------------------------------
>
> Key: KNOX-1091
> URL: https://issues.apache.org/jira/browse/KNOX-1091
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Kevin Risden
> Priority: Major
>
> From the Knox User list thread: "Multiple topology audit logging", it came to
> my attention that Knox seems to be logging duplicate correlation ids.
> Separating out the topic specifically here to dig a bit deeper.
> While looking at our Knox audit logs (Knox 0.9 on HDP 2.5) the "correlation
> id" doesn't seem to be unique across requests. Is this to be expected? Here
> is a snippet (anonymized):
> grep 7557c91b-2a48-4e09-aefc-44e9892372da /var/knox/gateway-audit.log
> {code}
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||access|uri|/gateway/HADOOPTEST/hbase/hbase/NAMESPACE1:TABLE1/ID1//|unavailable|Request
> method: GET
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||authentication|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||authentication|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|Groups:
> []
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||dispatch|uri|http://WEBHBASE.example.com:8084/NAMESPACE2:TABLE2/multiget?doAs=USER1&row=ID2%2Fd%3Araw|unavailable|Request
> method: GET
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||dispatch|uri|http://WEBHBASE.example.com:8084/NAMESPACE2:TABLE2/multiget?doAs=USER1&row=ID2%2Fd%3Araw|success|Response
> status: 200
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||access|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|Response
> status: 200
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||authentication|principal|USER2|failure|LDAP
> authentication failed.
> 17/10/10 12:50:09
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||access|uri|/gateway/HADOOPTEST/hbase/hbase/NAMESPACE1:TABLE2/ID1//|success|Response
> status: 401
> {code}
> The things to highlight here for the same correlation id:
> * different topologies are being used
> * different uris are being used
> * different users are being used
> Some of the things that we have configured that could impact results:
> * authentication caching
> * multiple Knox servers
> * load balancer in front of Knox
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
