[ 
https://issues.apache.org/jira/browse/HDFS-16944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701919#comment-17701919
 ] 

ASF GitHub Bot commented on HDFS-16944:
---------------------------------------

virajjasani commented on PR #5464:
URL: https://github.com/apache/hadoop/pull/5464#issuecomment-1474184981

   Agree to the above suggestion of having a new audit logger class and use it 
for all operations.
   
   Also Ayush, do you think we should rather have audit logs that indicate the 
audit and not the result as such? For instance, here it seems we are trying to 
audit the result instead like "whether nameservice was successfully enabled".
   Instead, audit log could have been something like "enable nameservice {ns} 
is called by client {client/ip etc}". The result of whether or not nameservice 
was enabled successfully is something to be saved as internal application logs 
only rather than audit, WDYT?




> Add audit log for RouterAdminServer to save privileged operation log 
> separately.
> --------------------------------------------------------------------------------
>
>                 Key: HDFS-16944
>                 URL: https://issues.apache.org/jira/browse/HDFS-16944
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: federation
>    Affects Versions: 3.3.4
>            Reporter: Beibei Zhao
>            Priority: Major
>              Labels: pull-request-available
>
> We found that in other components (like namenode in hdfs or resourcemanager 
> in yarn), *debug log and audit log are recorded separately*, except 
> *RouterAdminServer*.
> There are lots of +simple+ logs to help with debugging for the *developers* 
> who can access the source code. And there are also audit logs that record 
> +privileged operations+ with more +detailed+ information to help *system 
> admins* understand what happened in a real run. 
> There is an example in yarn: 
> {code:java}
> try {
>   // Safety
>   userUgi = UserGroupInformation.getCurrentUser();
>   user = userUgi.getShortUserName();
> } catch (IOException ie) {
>   LOG.warn("Unable to get the current user.", ie); // debug log
>   RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
>       ie.getMessage(), "ClientRMService",
>       "Exception in submitting application", applicationId, callerContext,
>       submissionContext.getQueue()); // audit log
>   throw RPCUtil.getRemoteException(ie);
> }
> {code}
> So I suggest adding an audit log for *RouterAdminServer* to save privileged 
> operation logs separately.
> The logger's name may be: 
> {code:java}
> // hadoop security
> public static final Logger AUDITLOG =
>     LoggerFactory.getLogger(
>         "SecurityLogger." + ServiceAuthorizationManager.class.getName());
> // namenode
> public static final Log auditLog = LogFactory.getLog(
>     FSNamesystem.class.getName() + ".audit");
> {code}
> I choose className.audit finally and record AUDITLOG instead of LOG for the 
> privileged operations that call permission check function 
> _checkSuperuserPrivilege_.
>  
>  
>  
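
The separation discussed in this message, as an added example that is not code from the PR or from Hadoop: a className.audit logger records who invoked a privileged operation, while the outcome goes to the application log. It uses java.util.logging so it runs stand-alone; the class, method and field names and the sample values are assumptions made for illustration.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added illustration; all names here are hypothetical, not Hadoop's. */
public class RouterAdminAuditExample {
  // Application (debug) log, read by developers.
  private static final Logger LOG =
      Logger.getLogger(RouterAdminAuditExample.class.getName());
  // Audit log under a separate logger name (className.audit) so it can be
  // routed to its own handler or file.
  private static final Logger AUDITLOG =
      Logger.getLogger(RouterAdminAuditExample.class.getName() + ".audit");

  /** Replace control characters so caller-supplied values cannot forge fields or lines. */
  static String clean(String v) {
    return v == null ? "null" : v.replaceAll("\\p{Cntrl}", "_");
  }

  /** Build one audit record: who called which privileged operation on what. */
  static String auditRecord(String user, String clientIp, String op, String target) {
    return "ugi=" + clean(user) + "\tip=" + clean(clientIp)
        + "\tcmd=" + clean(op) + "\ttarget=" + clean(target);
  }

  /** Hypothetical privileged operation. */
  static boolean enableNameservice(String user, String clientIp, String nsId) {
    // Audit the call itself, before any work is done, so the record does not
    // depend on the outcome.
    AUDITLOG.info(auditRecord(user, clientIp, "enableNameservice", nsId));
    boolean success = false;
    try {
      success = doEnable(nsId);
    } catch (RuntimeException e) {
      LOG.log(Level.WARNING, "Failed to enable nameservice " + clean(nsId), e);
    }
    // The result is application state, so it goes to the application log.
    LOG.info("Nameservice " + clean(nsId) + " enabled: " + success);
    return success;
  }

  // Stand-in for the real state update (constructed for this example).
  private static boolean doEnable(String nsId) {
    return nsId != null && !nsId.isEmpty();
  }

  public static void main(String[] args) {
    enableNameservice("admin", "10.0.0.5", "ns1");                  // constructed sample values
    enableNameservice("admin", "10.0.0.5", "ns1\nugi=root\tcmd=x"); // control characters are flattened
  }
}
```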


