[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-1780: - Fix Version/s: (was: 1.1.0) > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez >Assignee: Alejandro Fernandez >Priority: Major > Attachments: RANGER-1780.patch, ranger_summary.png > > > AuditSummaryQueue already has logic to enable the summarization, but it > requires 2 events to have the exact same resource path (plus a couple of > other fields such as user, access type, access result, action, client ip, > session). > This Jira is to add a config called > xasecure.audit.provider.summary.aggregate.level so that if it is set to > "directory" then 2 events can still be aggregated if they are files in the > same directory. > If the config is not specified its default value will be "file" which > preserves the existing behavior. > See [^ranger_summary.png] for screenshot on desired behavior. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-1780: - Fix Version/s: (was: 1.0.0) 1.1.0 > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez >Assignee: Alejandro Fernandez >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-1780.patch, ranger_summary.png > > > AuditSummaryQueue already has logic to enable the summarization, but it > requires 2 events to have the exact same resource path (plus a couple of > other fields such as user, access type, access result, action, client ip, > session). > This Jira is to add a config called > xasecure.audit.provider.summary.aggregate.level so that if it is set to > "directory" then 2 events can still be aggregated if they are files in the > same directory. > If the config is not specified its default value will be "file" which > preserves the existing behavior. > See [^ranger_summary.png] for screenshot on desired behavior. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alejandro Fernandez updated RANGER-1780: Description: AuditSummaryQueue already has logic to enable the summarization, but it requires 2 events to have the exact same resource path (plus a couple of other fields such as user, access type, access result, action, client ip, session). This Jira is to add a config called xasecure.audit.provider.summary.aggregate.level so that if it is set to "directory" then 2 events can still be aggregated if they are files in the same directory. If the config is not specified its default value will be "file" which preserves the existing behavior. See [^ranger_summary.png] for screenshot on desired behavior. was: AuditSummaryQueue already has logic to enable the summarization, but it requires 2 events to have the exact same resource path (plus a couple of other fields such as user, access type, access result, action, client ip, session). This Jira is to add a config called xasecure.audit.provider.summary.aggregate.level so that if it is set to "directory" then 2 events can still be aggregated if they are files in the same directory. If the config is not specified its default value will be "file" which preserves the existing behavior. > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez > Fix For: 1.0.0 > > Attachments: RANGER-1780.patch, ranger_summary.png > > > AuditSummaryQueue already has logic to enable the summarization, but it > requires 2 events to have the exact same resource path (plus a couple of > other fields such as user, access type, access result, action, client ip, > session). > This Jira is to add a config called > xasecure.audit.provider.summary.aggregate.level so that if it is set to > "directory" then 2 events can still be aggregated if they are files in the > same directory. > If the config is not specified its default value will be "file" which > preserves the existing behavior. > See [^ranger_summary.png] for screenshot on desired behavior. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alejandro Fernandez updated RANGER-1780: Attachment: ranger_summary.png > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez > Fix For: 1.0.0 > > Attachments: RANGER-1780.patch, ranger_summary.png > > > AuditSummaryQueue already has logic to enable the summarization, but it > requires 2 events to have the exact same resource path (plus a couple of > other fields such as user, access type, access result, action, client ip, > session). > This Jira is to add a config called > xasecure.audit.provider.summary.aggregate.level so that if it is set to > "directory" then 2 events can still be aggregated if they are files in the > same directory. > If the config is not specified its default value will be "file" which > preserves the existing behavior. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alejandro Fernandez updated RANGER-1780: Description: AuditSummaryQueue already has logic to enable the summarization, but it requires 2 events to have the exact same resource path (plus a couple of other fields such as user, access type, access result, action, client ip, session). This Jira is to add a config called xasecure.audit.provider.summary.aggregate.level so that if it is set to "directory" then 2 events can still be aggregated if they are files in the same directory. If the config is not specified its default value will be "file" which preserves the existing behavior. was: When processing a list of AuthzAuditEvents, a chain of them can be grouped (or rather 2...n skipped) if they share similar attributes (same user, access type, access result, time window during the access time, etc. https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14 > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez > Fix For: 1.0.0 > > > AuditSummaryQueue already has logic to enable the summarization, but it > requires 2 events to have the exact same resource path (plus a couple of > other fields such as user, access type, access result, action, client ip, > session). > This Jira is to add a config called > xasecure.audit.provider.summary.aggregate.level so that if it is set to > "directory" then 2 events can still be aggregated if they are files in the > same directory. > If the config is not specified its default value will be "file" which > preserves the existing behavior. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory
[ https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alejandro Fernandez updated RANGER-1780: Summary: Allow AuditSummaryQueue to aggregate events in the same directory (was: Optimize Audit Logging by Aggregating/Skipping similar AuthzAuditEvents) > Allow AuditSummaryQueue to aggregate events in the same directory > - > > Key: RANGER-1780 > URL: https://issues.apache.org/jira/browse/RANGER-1780 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 0.7.1 >Reporter: Alejandro Fernandez > Fix For: 1.0.0 > > > When processing a list of AuthzAuditEvents, a chain of them can be grouped > (or rather 2...n skipped) if they share similar attributes (same user, access > type, access result, time window during the access time, etc. > https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
