[
https://issues.apache.org/jira/browse/ZOOKEEPER-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16142330#comment-16142330
]
ASF GitHub Bot commented on ZOOKEEPER-1260:
-------------------------------------------
Github user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/338#discussion_r135361252
--- Diff:
src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java ---
@@ -465,6 +490,129 @@ public void processRequest(Request request) {
}
}
+ private void addSuccessAudit(Request request,ServerCnxn cnxn, String
op, String path) {
+ addSuccessAudit(request, cnxn, op, path, null);
+ }
+
+ private void addSuccessAudit(Request request,ServerCnxn cnxn, String
op, String path, String acl) {
+ if (ZKAuditLogger.isAuditDisabled) {
+ return;
+ }
+ ZKAuditLogger.logSuccess(request.getUsers(), op, path, acl,
+ getSessionId(cnxn), getHostAddress(cnxn));
+ }
+
+ private void addFailureAudit(Request request,ServerCnxn cnxn, String
op, String path) {
+ addFailureAudit(request, cnxn, op, path, null);
+ }
+
+ private void addFailureAudit(Request request,ServerCnxn cnxn, String
op, String path, String acl) {
+ if (ZKAuditLogger.isAuditDisabled) {
+ return;
+ }
+ ZKAuditLogger.logFailure(request.getUsers(), op, path, acl,
+ getSessionId(cnxn), getHostAddress(cnxn));
+ }
+
+ private void addAuditLog(Request request, ServerCnxn cnxn, String op,
String path, String acl,
+ Code err) {
+ if (ZKAuditLogger.isAuditDisabled) {
+ return;
+ }
+ if (err == Code.OK) {
+ ZKAuditLogger.logSuccess(request.getUsers(), op, path, acl,
getSessionId(cnxn),
+ getHostAddress(cnxn));
+ } else {
+ ZKAuditLogger.logFailure(request.getUsers(), op, path, acl,
getSessionId(cnxn),
+ getHostAddress(cnxn));
+ }
+ }
+
+ private String getACLs(Request request)
+ {
+ ByteBuffer reqData = request.request.duplicate();
+ reqData.rewind();
+ SetACLRequest setACLRequest = new SetACLRequest();
+ try {
+ ByteBufferInputStream.byteBuffer2Record(reqData,
setACLRequest);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return ZKUtil.aclToString(setACLRequest.getAcl());
+ }
+
+ private void addFailedTxnAduitLog(Request request) {
+ if (ZKAuditLogger.isAuditDisabled) {
+ return;
+ }
+ String op = AuditConstants.OP_CREATE;
+ if (request.cnxn == null) {
+ return;
+ }
+ String path=null;
+ long sessionId = -1;
+ String address = null;
+ String acls = null;
+ boolean exceptionOccured = false;
+ ByteBuffer reqData = request.request.duplicate();
+ reqData.rewind();
+ try {
+ sessionId = request.cnxn.getSessionId();
+ switch (request.type) {
+ case OpCode.create:
+ case OpCode.create2:
+ case OpCode.createContainer:
+ op = AuditConstants.OP_CREATE;
+ CreateRequest createRequest = new CreateRequest();
+ ByteBufferInputStream.byteBuffer2Record(reqData,
createRequest);
+ path=createRequest.getPath();
+ break;
+ case OpCode.delete:
+ case OpCode.deleteContainer:
+ op = AuditConstants.OP_DELETE;
+ //path = new String(request.request.array());
+ DeleteRequest deleteRequest = new DeleteRequest();
+ ByteBufferInputStream.byteBuffer2Record(reqData,
deleteRequest);
+ path=deleteRequest.getPath();
+ break;
+ case OpCode.setData:
+ op = AuditConstants.OP_SETDATA;
+ SetDataRequest setDataRequest = new SetDataRequest();
+ ByteBufferInputStream.byteBuffer2Record(reqData,
setDataRequest);
+ path=setDataRequest.getPath();
+ break;
+ case OpCode.setACL:
+ op = AuditConstants.OP_SETACL;
+ SetACLRequest setACLRequest = new SetACLRequest();
+ ByteBufferInputStream.byteBuffer2Record(reqData,
setACLRequest);
+ path=setACLRequest.getPath();
+ acls = ZKUtil.aclToString(setACLRequest.getAcl());
+ break;
+ case OpCode.multi:
+ op = AuditConstants.OP_MULTI_OP;
+ break;
+ case OpCode.reconfig:
+ op = AuditConstants.OP_RECONFIG;
+ break;
+ }
+ if (request.cnxn != null
+ && request.cnxn.getRemoteSocketAddress() != null
+ && request.cnxn.getRemoteSocketAddress().getAddress()
!= null) {
+ address =
request.cnxn.getRemoteSocketAddress().getAddress()
+ .getHostAddress();
+ }
+ } catch (Throwable e) {
+ exceptionOccured = true;
+ LOG.error("Failed to audit log request {} failure",
request.type, e);
+ }
+ if (!exceptionOccured) {
+ if (ZKAuditLogger.isAuditEnabled) {
--- End diff --
nit: we can combine these if statements
alternatively you can return in the catch block
> Audit logging in ZooKeeper servers.
> -----------------------------------
>
> Key: ZOOKEEPER-1260
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1260
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Mahadev konar
> Assignee: Mohammad Arshad
> Fix For: 3.5.4, 3.6.0
>
> Attachments: ZOOKEEPER-1260-01.patch, zookeeperAuditLogs.pdf
>
>
> Lots of users have had questions on debugging which client changed what znode
> and what updates went through a znode. We should add audit logging as in
> Hadoop (look at Namenode Audit logging) to log which client changed what in
> the zookeeper servers. This could just be a log4j audit logger.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
