[
https://issues.apache.org/jira/browse/HDFS-16944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17702008#comment-17702008
]
ASF GitHub Bot commented on HDFS-16944:
---------------------------------------
virajjasani commented on PR #5464:
URL: https://github.com/apache/hadoop/pull/5464#issuecomment-1474436169
Wow, quite a history behind ACE, thanks a lot for summarizing everything
here :)
I was wondering in the past also as to why is it that hdfs audit logs only
care for auth success/failure rather than overall operation success/failure but
yes it does make sense to audit if authorized access was granted for the given
operation, as it's more alarming than other failures. (for other failures,
there are tons of logs anyways)
Thanks again!
> Add audit log for RouterAdminServer to save privileged operation log
> seperately.
> --------------------------------------------------------------------------------
>
> Key: HDFS-16944
> URL: https://issues.apache.org/jira/browse/HDFS-16944
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: federation
> Affects Versions: 3.3.4
> Reporter: Beibei Zhao
> Priority: Major
> Labels: pull-request-available
>
> We found that in other components (like namenode in hdfs or resourcemanager
> in yarn), *debug log and audit log are record seperately*, except
> *RouterAdminServer*.
> There are lots of +simple+ logs to help with debugging for the *developers*
> who can access to the source code. And there are also audit logs record
> +privileged operations+ with more +detailed+ information to help *system
> admins* understand what happened in a real run.
> There is an example in yarn:
> {code:java}
> try {
> // Safety
> userUgi = UserGroupInformation.getCurrentUser();
> user = userUgi.getShortUserName();
> } catch (IOException ie) {
> LOG.warn("Unable to get the current user.", ie); // debug log
> RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
> ie.getMessage(), "ClientRMService",
> "Exception in submitting application", applicationId, callerContext,
> submissionContext.getQueue()); // audit log
> throw RPCUtil.getRemoteException(ie);
> }
> {code}
> So I suggest to add an audit log for *RouterAdminServer* to save privileged
> operation logs seperately.
> The logger' s name may be:
> {code:java}
> // hadoop security
> public static final Logger AUDITLOG =
> LoggerFactory.getLogger(
> "SecurityLogger." + ServiceAuthorizationManager.class.getName());
> // namenode
> public static final Log auditLog = LogFactory.getLog(
> FSNamesystem.class.getName() + ".audit");
> {code}
> I choose className.audit finally and record AUDITLOG instead of LOG for the
> privileged operations that call permission check function
> _checkSuperuserPrivilege_.
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
