[jira] [Updated] (HDFS-16944) Add audit log for RouterAdminServer to save privileged operation log seperately.

Beibei Zhao (Jira) Wed, 08 Mar 2023 07:44:27 -0800


     [ 
https://issues.apache.org/jira/browse/HDFS-16944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Beibei Zhao updated HDFS-16944:
-------------------------------
    Description: 
We found that in other components (like namenode in hdfs or resourcemanager in 
yarn), *debug log and audit log are record seperately*.

There are lots of *simple *logs to help with debugging for the *developers *who 
can access to the source code. And there are also audit logs record *privileged 
operations* with more *detailed* information to help *system admins* understand 
what happened in a real run. 

There is an example in yarn: 
{code:java}
  public static final Log auditLog = LogFactory.getLog(
      FSNamesystem.class.getName() + ".audit");

try {
      // Safety
      userUgi = UserGroupInformation.getCurrentUser();
      user = userUgi.getShortUserName();
    } catch (IOException ie) {
      LOG.warn("Unable to get the current user.", ie); // debug log
      RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
          ie.getMessage(), "ClientRMService",
          "Exception in submitting application", applicationId, callerContext,
          submissionContext.getQueue()); // audit log
      throw RPCUtil.getRemoteException(ie);
    }
{code}
So I suggest to add an audit log for *RouterAdminServer* to save privileged 
operation logs seperately.

{code:java}
// hadoop security
public static final Logger AUDITLOG =
      LoggerFactory.getLogger(
          "SecurityLogger." + ServiceAuthorizationManager.class.getName());
// namenode
  public static final Log auditLog = LogFactory.getLog(
      FSNamesystem.class.getName() + ".audit");
{code}
I choose className.audit finally.
 
 
 

  was:
We found that in other components (like namenode in hdfs or resourcemanager in 
yarn), *debug log and audit log are record seperately*.

There are lots of *simple *logs to help with debugging for the developers who 
can access to the source code. And there are also audit logs record privileged 
operations with more detailed information to help system admins or users 
understand what happened in a real run. 

There is an example in yarn: 
{code:java}
  public static final Log auditLog = LogFactory.getLog(
      FSNamesystem.class.getName() + ".audit");

try {
      // Safety
      userUgi = UserGroupInformation.getCurrentUser();
      user = userUgi.getShortUserName();
    } catch (IOException ie) {
      LOG.warn("Unable to get the current user.", ie); // debug log
      RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
          ie.getMessage(), "ClientRMService",
          "Exception in submitting application", applicationId, callerContext,
          submissionContext.getQueue()); // audit log
      throw RPCUtil.getRemoteException(ie);
    }
{code}
So I suggest to add an audit log for *RouterAdminServer* to save privileged 
operation logs seperately.

{code:java}
// hadoop security
public static final Logger AUDITLOG =
      LoggerFactory.getLogger(
          "SecurityLogger." + ServiceAuthorizationManager.class.getName());
// namenode
  public static final Log auditLog = LogFactory.getLog(
      FSNamesystem.class.getName() + ".audit");
{code}
I choose className.audit finally.
 
 
 


> Add audit log for RouterAdminServer to save privileged operation log 
> seperately.
> --------------------------------------------------------------------------------
>
>                 Key: HDFS-16944
>                 URL: https://issues.apache.org/jira/browse/HDFS-16944
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: federation
>    Affects Versions: 3.3.4
>            Reporter: Beibei Zhao
>            Priority: Major
>
> We found that in other components (like namenode in hdfs or resourcemanager 
> in yarn), *debug log and audit log are record seperately*.
> There are lots of *simple *logs to help with debugging for the *developers 
> *who can access to the source code. And there are also audit logs record 
> *privileged operations* with more *detailed* information to help *system 
> admins* understand what happened in a real run. 
> There is an example in yarn: 
> {code:java}
>   public static final Log auditLog = LogFactory.getLog(
>       FSNamesystem.class.getName() + ".audit");
> try {
>       // Safety
>       userUgi = UserGroupInformation.getCurrentUser();
>       user = userUgi.getShortUserName();
>     } catch (IOException ie) {
>       LOG.warn("Unable to get the current user.", ie); // debug log
>       RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
>           ie.getMessage(), "ClientRMService",
>           "Exception in submitting application", applicationId, callerContext,
>           submissionContext.getQueue()); // audit log
>       throw RPCUtil.getRemoteException(ie);
>     }
> {code}
> So I suggest to add an audit log for *RouterAdminServer* to save privileged 
> operation logs seperately.
> {code:java}
> // hadoop security
> public static final Logger AUDITLOG =
>       LoggerFactory.getLogger(
>           "SecurityLogger." + ServiceAuthorizationManager.class.getName());
> // namenode
>   public static final Log auditLog = LogFactory.getLog(
>       FSNamesystem.class.getName() + ".audit");
> {code}
> I choose className.audit finally.
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HDFS-16944) Add audit log for RouterAdminServer to save privileged operation log seperately.

Reply via email to