[
https://issues.apache.org/jira/browse/HDFS-16944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701981#comment-17701981
]
ASF GitHub Bot commented on HDFS-16944:
---------------------------------------
ayushtkn commented on PR #5464:
URL: https://github.com/apache/hadoop/pull/5464#issuecomment-1474357461
The only policy around Audit logs that I am aware of, they shouldn't change
and the parsers should be able to parse them, So, if we make the format similar
to that of the HDFS ones, that should be good but still not a strict ask.
Regarding logging `success`, we do log successful result everytime, it is
just the failure which get logs only for ACE. Why only ACE has historical
reasons, which we can decide here, if we want to go with that approach in RBF
also or not, whatever we choose is good, it is just we can't change it once
released.
One main reason for only ACE was: We are always interested In successful
cases, since that change the state of the FS, other failure we don't care
because they didn't do anything, for RPC load or so use the NamenodeMetrics.
ACE finds special attention as it is bit alarming: that someone who doesn't
have access attempted to do some operation, "Some illegal guy in the town
trying to do operation X, which he ain't allowed to do"
That is what I know, that is very old stuff, will research sometime more
about that....
> Add audit log for RouterAdminServer to save privileged operation log
> seperately.
> --------------------------------------------------------------------------------
>
> Key: HDFS-16944
> URL: https://issues.apache.org/jira/browse/HDFS-16944
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: federation
> Affects Versions: 3.3.4
> Reporter: Beibei Zhao
> Priority: Major
> Labels: pull-request-available
>
> We found that in other components (like namenode in hdfs or resourcemanager
> in yarn), *debug log and audit log are record seperately*, except
> *RouterAdminServer*.
> There are lots of +simple+ logs to help with debugging for the *developers*
> who can access to the source code. And there are also audit logs record
> +privileged operations+ with more +detailed+ information to help *system
> admins* understand what happened in a real run.
> There is an example in yarn:
> {code:java}
> try {
> // Safety
> userUgi = UserGroupInformation.getCurrentUser();
> user = userUgi.getShortUserName();
> } catch (IOException ie) {
> LOG.warn("Unable to get the current user.", ie); // debug log
> RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
> ie.getMessage(), "ClientRMService",
> "Exception in submitting application", applicationId, callerContext,
> submissionContext.getQueue()); // audit log
> throw RPCUtil.getRemoteException(ie);
> }
> {code}
> So I suggest to add an audit log for *RouterAdminServer* to save privileged
> operation logs seperately.
> The logger' s name may be:
> {code:java}
> // hadoop security
> public static final Logger AUDITLOG =
> LoggerFactory.getLogger(
> "SecurityLogger." + ServiceAuthorizationManager.class.getName());
> // namenode
> public static final Log auditLog = LogFactory.getLog(
> FSNamesystem.class.getName() + ".audit");
> {code}
> I choose className.audit finally and record AUDITLOG instead of LOG for the
> privileged operations that call permission check function
> _checkSuperuserPrivilege_.
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
