[jira] [Updated] (KNOX-272) Auditing content refinement

Thu, 20 Feb 2014 07:25:40 -0800 

     [ 
https://issues.apache.org/jira/browse/KNOX-272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Minder updated KNOX-272:
------------------------------

    Description: 
User Columns
It still isn't clear to me exactly how we expect these to be used consistently.

# Authentication Failure
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
status: 401
* We need really see if we can figure out a way to log an authentication|failre

# Redeployment
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
* I think there should be something in one of the user columns.

# Access (two records)
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I'm questioning the value of the first record but I understand that it might 
be important to have this to "bracket" the request processing.

# Access (status/outcome)
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
* I think that >=400 should use a failure outcome.

# Identity Mapping (Three Records)
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
 [admin]
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
[users]
* Three records seems excessive.  Can these be meaningfully combined?

# Knox Service
* What in these lines would identify this as a Knox audit record if/when it is 
centrally combined?



  was:
User Columns
It still isn't clear to me exactly how we expect these to be used consistently.

h1. Authentication Failure
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
status: 401
* We need really see if we can figure out a way to log an authentication|failre

Redeployment
```
14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
```
I think there should be something in one of the user columns.

Access (two records)
```
14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I'm questioning the value of the first record but I understand that it might be 
important to have this to "bracket" the request processing.

Access (status/outcome)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
```
I think that >=400 should use a failure outcome.

Identity Mapping (Three Records)
```
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
 [admin]
14/02/20 16:15:11 
||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
[users]
```
Three records seems excessive.  Can these be meaningfully combined?

Knox Service
What in these lines would identify this as a Knox audit record if/when it is 
centrally combined?




> Auditing content refinement 
> ----------------------------
>
>                 Key: KNOX-272
>                 URL: https://issues.apache.org/jira/browse/KNOX-272
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>             Fix For: 0.4.0
>
>
> User Columns
> It still isn't clear to me exactly how we expect these to be used 
> consistently.
> # Authentication Failure
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:14:45 ||...|audit|WEBHBASE||||access|uri|...|success|Response 
> status: 401
> * We need really see if we can figure out a way to log an 
> authentication|failre
> # Redeployment
> 14/02/20 16:06:39 |||audit|||||redeploy|topology|sandbox|unavailable|
> * I think there should be something in one of the user columns.
> # Access (two records)
> 14/02/20 16:13:43 ||...|audit|WEBHBASE||||access|uri|...|unavailable|
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> * I'm questioning the value of the first record but I understand that it 
> might be important to have this to "bracket" the request processing.
> # Access (status/outcome)
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||access|uri|...|success|Response status: 405
> * I think that >=400 should use a failure outcome.
> # Identity Mapping (Three Records)
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|guest|success|
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|hdfs|success|Groups:
>  [admin]
> 14/02/20 16:15:11 
> ||...|audit|WEBHBASE|guest|hdfs||identity-mapping|principal|*|success|Groups: 
> [users]
> * Three records seems excessive.  Can these be meaningfully combined?
> # Knox Service
> * What in these lines would identify this as a Knox audit record if/when it 
> is centrally combined?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to