[jira] [Commented] (HDFS-9395) Make HDFS audit logging consistant

Fri, 26 Feb 2016 07:43:00 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15169208#comment-15169208
 ] 

Kihwal Lee commented on HDFS-9395:
----------------------------------

The two tests failed due to OOM and timeout.  It must be the environment. They 
all pass with the patch when I ran.
{noformat}
-------------------------------------------------------
 T E S T S
-------------------------------------------------------
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=768m; support was 
removed in 8.0
Running org.apache.hadoop.hdfs.server.namenode.snapshot.TestRenameWithSnapshots
Tests run: 36, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 217.27 sec - 
in org.apache.hadoop.hdfs.server.namenode.snapshot.TestRenameWithSnapshots
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=768m; support was 
removed in 8.0
Running org.apache.hadoop.tools.TestJMXGet
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 26.792 sec - in 
org.apache.hadoop.tools.TestJMXGet

Results :

Tests run: 38, Failures: 0, Errors: 0, Skipped: 0
{noformat}

+1 for the branch-2.7 patch. It looks like a correct port.

> Make HDFS audit logging consistant
> ----------------------------------
>
>                 Key: HDFS-9395
>                 URL: https://issues.apache.org/jira/browse/HDFS-9395
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kihwal Lee
>            Assignee: Kuhu Shukla
>             Fix For: 2.8.0
>
>         Attachments: HDFS-9395-branch-2.7.001.patch, 
> HDFS-9395-branch-2.7.002.patch, HDFS-9395.001.patch, HDFS-9395.002.patch, 
> HDFS-9395.003.patch, HDFS-9395.004.patch, HDFS-9395.005.patch, 
> HDFS-9395.006.patch, HDFS-9395.007.patch
>
>
> So, the big question here is what should go in the audit log? All failures, 
> or just "permission denied" failures? Or, to put it a different way, if 
> someone attempts to do something and it fails because a file doesn't exist, 
> is that worth an audit log entry?
> We are currently inconsistent on this point. For example, concat, 
> getContentSummary, addCacheDirective, and setErasureEncodingPolicy create an 
> audit log entry for all failures, but setOwner, delete, and setAclEntries 
> attempt to only create an entry for AccessControlException-based failures. 
> There are a few operations, like allowSnapshot, disallowSnapshot, and 
> startRollingUpgrade that never create audit log failure entries at all. They 
> simply log nothing for any failure, and log success for a successful 
> operation.
> So to summarize, different HDFS operations currently fall into 3 categories:
> 1. audit-log all failures
> 2. audit-log only AccessControlException failures
> 3. never audit-log failures
> Which category is right?  And how can we fix the inconsistency



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to