[
https://issues.apache.org/jira/browse/HDFS-6634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14080031#comment-14080031
]
Allen Wittenauer commented on HDFS-6634:
----------------------------------------
bq. What if the format of the audit log changes?
Then you'd see a very large contingent of angry admins killing hadoop
committers in their sleep. ;)
In reality, all of the core folks recognize that the current audit format is
pretty much locked in stone forever and ever. Any changes would need to be a
new audit format that goes to a different log and/or file. I think it was
[~sureshms] who mentioned that they might make a new one for keep track of a
context, but the old one would have to remain.
bq. What about the large volume of events in the audit log (e.g. reads)? How
are those easily filtered out?
The same way you'd expect:
# read event
# do i care about this event?
# no? toss it.
# yes? act.
# repeat until done
You might get clever with the stream and write a custom handler that partitions
the data if this is a concern. I'd be more interested in it serializing the
data so that one isn't pushing ascii over the wire. But again, that's all
pretty easy to do with something like this theoretical setup. The one *big*
gotcha is security. Reading a raw stream of file access like this is clearly a
security hole and Kafka has zero security today as well.
> inotify in HDFS
> ---------------
>
> Key: HDFS-6634
> URL: https://issues.apache.org/jira/browse/HDFS-6634
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: hdfs-client, namenode, qjm
> Reporter: James Thomas
> Assignee: James Thomas
> Attachments: inotify-intro.2.pdf, inotify-intro.pdf
>
>
> Design a mechanism for applications like search engines to access the HDFS
> edit stream.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
