[jira] Commented: (HBASE-2014) [DAC] Audit

Thu, 03 Dec 2009 21:21:55 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12785769#action_12785769
 ] 

stack commented on HBASE-2014:
------------------------------

I like the idea of audit logs going out via commons logging so you could hook 
up a sink of your choosing (and yes, sink could be an hbase table.. we could 
write a logger plugin for log4j or some such to do this).

> [DAC] Audit
> -----------
>
>                 Key: HBASE-2014
>                 URL: https://issues.apache.org/jira/browse/HBASE-2014
>             Project: Hadoop HBase
>          Issue Type: Sub-task
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.22.0
>
>
> Audit: Important actions taken by subjects should be logged for 
> accountability, a chronological record which enables the full reconstruction 
> and examination of a sequence of events, e.g. schema changes or data 
> mutations. Logging activity should be protected from all subjects except for 
> a restricted set with administrative privilege, perhaps to only a single 
> super-user.
> Support dynamic scaling transparently and support multi-tenant. Acquire 
> enough detail and support streamline auditing in time. Should be configurable 
> on a per-table basis to avoid this overhead where it is not wanted.
> Consider logging audit trails to an HBase table (bigtable type schemas are 
> natural for this) and also external options with Java library support - 
> syslog, etc., or maybe commons-logging is sufficient and punt to 
> administrator to set up appropriate commons-logging/log4j configurations for 
> their needs.
> Consider integration with Scribe (http://developers.facebook.com/scribe/) or 
> Chukwa (http://wiki.apache.org/hadoop/Chukwa).
> * Session information (Required)
> ** Client, server, When, How, Where.
> * Command information (Required)
> ** Command detail and intent
> ** Command result and why
> ** Data event (input and output interested data, depends on predefined 
> policy) 
> *** Metadata, data detail, session identity and command identity, data 
> direction, etc.
> ** Command Counts (optional)
> *** Execution duration
> *** Response/request data amount
> *** Resource usage
> * Node status
> ** Node resource counts
> ** Session status
> ** Abnormal events (Required)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to