[jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly

Tue, 21 Jul 2015 06:19:45 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635090#comment-14635090
 ] 

James Mello commented on ACCUMULO-3939:
---------------------------------------

There is no auditLog.xml in the 1.5.0 version or the 1.5.3 version I'm running. 
Instead I set the logging level in the generic_logger.xml to ALL for the 
following:

  <appender name="AUDIT" class="org.apache.log4j.RollingFileAppender">
     <param name="File"           
value="${org.apache.accumulo.core.dir.log}/audit.log"/>
     <param name="MaxFileSize"    value="1000MB"/>
     <param name="MaxBackupIndex" value="10"/>
     <param name="Threshold"      value="ALL"/>
     <layout class="org.apache.log4j.PatternLayout">
       <param name="ConversionPattern" value="%d{ISO8601} [%-8c{2}] %-5p: 
%m%n"/>
     </layout>
  </appender>

  <logger name="org.apache.accumulo.server.security">
     <level value="ALL"/>
        <appender-ref ref="AUDIT" />
  </logger>

I didn't get any messages for any of the security packages with this 
configuration.

The full configuration is attached

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>
> While reading the source I found out that the AuditedSecurityOperation is 
> never initialized properly.
> The AuditSecurityOperation does not contain a getInstance() static method. 
> This in turn just calls the SecurityOperation getInstance() method. Because 
> this is called in a static manner the getInstance(String instanceId, boolean 
> initialize) is called against the SecurityOperation class not the 
> AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the 
> AuditedSecurityOperation class.
> This is critical as we are in need of this security auditing to meet 
> Information Assurance requirements for an upcoming major release of our 
> software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to