[
https://issues.apache.org/jira/browse/KAFKA-5810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497701#comment-16497701
]
GĂ©rald Quintana edited comment on KAFKA-5810 at 6/1/18 8:10 AM:
----------------------------------------------------------------
In order to be able to detect security attacks, I'd like to have to an access
log. It would contain authentication failures (ex. wrong user/password with
SASL plain), authorization failure (like kafka-authorizer.log).
To go further, it could also be interesting to log
* Successful authentication/authorization (mostly for debugging purpose)
* Dangerous operations: ACL changes, topic deletion...
was (Author: gquintana):
In order to be able to detect security attacks, I'd like to have to an access
log. It would contain authentication failures (ex. wrong user/password with
SASL plain), authorization failure (like kafka-authorizer.log). Successful
authentication/authorization logs could also be interesting (mostly for
debugging purpose).
> Improve authentication logging on the broker-side
> -------------------------------------------------
>
> Key: KAFKA-5810
> URL: https://issues.apache.org/jira/browse/KAFKA-5810
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.11.0.0
> Reporter: Rajini Sivaram
> Priority: Major
>
> From [~theduderog] in the discussion of KIP-152:
> The metrics in KIP-188 will provide counts across all users but the log
> could potentially be used to audit individual authentication events. I
> think these would be useful at INFO level but if it's inconsistent with the
> rest of Kafka, DEBUG is ok too. The default log4j config for Kafka
> separates authorization logs. It seems like a good idea to treat
> authentication logs the same way whether or not we choose DEBUG or INFO.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
