[jira] [Comment Edited] (KNOX-23) Generate audit log of all gateway activity

Fri, 24 Jan 2014 10:04:32 -0800 

    [ 
https://issues.apache.org/jira/browse/KNOX-23?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13881214#comment-13881214
 ] 

Kevin Minder edited comment on KNOX-23 at 1/24/14 6:02 PM:
-----------------------------------------------------------

I'd like to see if we could be more explicit for authentication failures.  
Currently the following audit records are written for 3) Request to HBase with 
incorrect password
14/01/24 09:22:05 
||90b820a9-2b73-494a-9afb-66f60cd55678|audit|WEBHBASE||||access|uri|/gateway/sandbox/hbase|unavailable|
14/01/24 09:22:05 
||90b820a9-2b73-494a-9afb-66f60cd55678|audit|WEBHBASE||||access|uri|/gateway/sandbox/hbase|success|Response
 status: 401
I'd like to see if something more like the authorization records could be 
written as well.
14/01/24 09:22:21 
||a2e2c933-3192-466a-a688-fd81ec18534c|audit|WEBHDFS|guest|hdfs||authorization|uri|/gateway/sandbox/webhdfs/v1/user/?op=LISTSTATUS|failure|
This will likely require deeper integration with Shiro some how.


was (Author: kminder):
I'd like to see if we could be more explicit for authentication failures.  
Currently the following audit records are written for 3) Request to HBase with 
incorrect password
14/01/24 09:22:05 
||90b820a9-2b73-494a-9afb-66f60cd55678|audit|WEBHBASE||||access|uri|/gateway/sandbox/hbase|unavailable|
14/01/24 09:22:05 
||90b820a9-2b73-494a-9afb-66f60cd55678|audit|WEBHBASE||||access|uri|/gateway/sandbox/hbase|success|Response
 status: 401
I'd like to see if something more like the authorization records could be 
written as well.
14/01/24 09:22:21 
||a2e2c933-3192-466a-a688-fd81ec18534c|audit|WEBHDFS|guest|hdfs||authorization|uri|/gateway/sandbox/webhdfs/v1/user/?op=LISTSTATUS|failure|


> Generate audit log of all gateway activity
> ------------------------------------------
>
>                 Key: KNOX-23
>                 URL: https://issues.apache.org/jira/browse/KNOX-23
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Vladimir Tkhir
>             Fix For: 0.4.0
>
>         Attachments: KNOX-23.patch, gateway-audit.log
>
>
> From BUG-4302
> All interactions that pass through the gateway should be recorded in a 
> separate audit log. This should include the IP and principal of the caller 
> and potentially some service specific information (e.g. HDFS file name)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to