[
https://issues.apache.org/jira/browse/HDFS-16944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18032886#comment-18032886
]
ASF GitHub Bot commented on HDFS-16944:
---------------------------------------
github-actions[bot] closed pull request #5464: HDFS-16944 Add audit log for
RouterAdminServer to save privileged operation log separately.
URL: https://github.com/apache/hadoop/pull/5464
> Add audit log for RouterAdminServer to save privileged operation log
> separately.
> --------------------------------------------------------------------------------
>
> Key: HDFS-16944
> URL: https://issues.apache.org/jira/browse/HDFS-16944
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: federation
> Affects Versions: 3.3.4
> Reporter: Beibei Zhao
> Priority: Major
> Labels: pull-request-available
>
> We found that in other components (like namenode in hdfs or resourcemanager
> in yarn), *debug logs and audit logs are recorded separately*, except in
> *RouterAdminServer*.
> There are lots of +simple+ logs to help with debugging for the *developers*
> who can access the source code. And there are also audit logs that record
> +privileged operations+ with more +detailed+ information to help *system
> admins* understand what happened in a real run.
> There is an example in yarn:
> {code:java}
> try {
>   // Safety
>   userUgi = UserGroupInformation.getCurrentUser();
>   user = userUgi.getShortUserName();
> } catch (IOException ie) {
>   LOG.warn("Unable to get the current user.", ie); // debug log
>   RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
>       ie.getMessage(), "ClientRMService",
>       "Exception in submitting application", applicationId, callerContext,
>       submissionContext.getQueue()); // audit log
>   throw RPCUtil.getRemoteException(ie);
> }
> {code}
> So I suggest adding an audit log for *RouterAdminServer* to save privileged
> operation logs separately.
> The logger's name may be:
> {code:java}
> // hadoop security
> public static final Logger AUDITLOG =
>     LoggerFactory.getLogger(
>         "SecurityLogger." + ServiceAuthorizationManager.class.getName());
> // namenode
> public static final Log auditLog = LogFactory.getLog(
>     FSNamesystem.class.getName() + ".audit");
> {code}
> I finally chose className.audit, and record with AUDITLOG instead of LOG for
> the privileged operations that call the permission check function
> _checkSuperuserPrivilege_.
>
>
>
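The separation proposed in the issue, shown as an added example that is not code from the Hadoop project or from pull request #5464: a logger named className + ".audit" gets its own file handler and does not propagate to the debug log. The class AdminServerAuditDemo, the simplified checkSuperuserPrivilege body, the record layout, the file name, the user names and the operation names are all assumptions made for illustration, and java.util.logging stands in for SLF4J so the file runs on a bare JDK.

```java
import java.util.logging.FileHandler;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

/** Hypothetical stand-in for an admin RPC server; not Hadoop's RouterAdminServer. */
public class AdminServerAuditDemo {
  // Debug logger: short messages for developers.
  static final Logger LOG = Logger.getLogger(AdminServerAuditDemo.class.getName());
  // Audit logger: className + ".audit", the naming scheme chosen in the issue.
  static final Logger AUDITLOG =
      Logger.getLogger(AdminServerAuditDemo.class.getName() + ".audit");
  static final String SUPERUSER = "hdfs"; // constructed value

  /** Replace CR/LF/tab so caller-controlled values cannot forge fields or records. */
  static String sanitize(String s) {
    return s == null ? "null" : s.replaceAll("[\\r\\n\\t]", "_");
  }

  /** One tab-separated key=value record per privileged operation (assumed layout). */
  static String auditRecord(String user, String op, boolean allowed, String detail) {
    return String.format("USER=%s\tOPERATION=%s\tRESULT=%s\tDETAIL=%s",
        sanitize(user), sanitize(op), allowed ? "SUCCESS" : "FAILURE", sanitize(detail));
  }

  /** Simplified permission check: every outcome is audited, allowed or denied. */
  static void checkSuperuserPrivilege(String user, String op, String detail) {
    boolean allowed = SUPERUSER.equals(user);
    String record = auditRecord(user, op, allowed, detail);
    if (allowed) {
      AUDITLOG.info(record);
      return;
    }
    AUDITLOG.warning(record);                      // audit log
    LOG.warning("Permission denied for " + op);    // debug log
    throw new SecurityException("Superuser privilege required for " + op);
  }

  public static void main(String[] args) throws Exception {
    // Send audit records to their own file and keep them out of the debug log.
    FileHandler auditFile = new FileHandler("admin-audit.log", true);
    auditFile.setFormatter(new SimpleFormatter());
    AUDITLOG.addHandler(auditFile);
    AUDITLOG.setUseParentHandlers(false);

    checkSuperuserPrivilege("hdfs", "exampleAdminOp", "src=/data");  // constructed input
    try {
      checkSuperuserPrivilege("alice\nUSER=hdfs", "exampleAdminOp", "src=/data");
    } catch (SecurityException e) {
      LOG.warning("Rejected: " + e.getMessage());
    }
  }
}
```

After a run, admin-audit.log holds one SUCCESS and one FAILURE record, and the denied caller's embedded newline appears as an underscore instead of starting a forged record.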