On the contrary, if you don't have a *.audit file, it's probably getting parsed as the audit file wasn't made.

log4j.properties is only used for "client" applications -- not the server processes.

Server processes configure their logging by first looking for a %s_logger.xml and then %s_logger.properties file where %s is the name of the process (e.g. tserver, gc).

Generally, there should be the following in your generic_logger.xml:

<logger name="Audit">
  <level value="OFF"/>
</logger>

or in generic_logger.properties (if you remove *_logger.xml):

log4j.logger.Audit=OFF

These should probably be in the templates/examples that we provide. It doesn't appear that they presently are.

Dylan Hutchison wrote:
Yes, here are the contents of conf/auditLog.xml:

    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
      <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
      <param name="MaxBackupIndex" value="10"/>
      <param name="DatePattern" value="'.'yyyy-MM-dd"/>
      <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
      </layout>
    </appender>
    <logger name="Audit" additivity="false">
      <appender-ref ref="Audit" />
      <level value="OFF"/>
    </logger>


I don't think this file is parsed because if the level were truly OFF,
then I wouldn't see any audit messages.

On Sun, Mar 15, 2015 at 9:03 PM, Billie Rinaldi <[email protected]> wrote:

    Do you have an auditLog.xml?

    On Mar 15, 2015 8:58 PM, "Dylan Hutchison" <[email protected]> wrote:

        Hi there,

        I'd like to stop appending INFO-level AUDIT log messages to the
        regular and debug tserver log files. Here is an example log:

            2015-03-15 20:39:26,970 [Audit   ] INFO : operation: permitted; user: root; client: 127.0.0.1:41256;


        I'm confused how log4j is set up (see ACCUMULO-3546
        <https://issues.apache.org/jira/browse/ACCUMULO-3546>).  I tried
        appending variants of

            log4j.logger.Audit=WARN


        to $ACCUMULO_HOME/conf/log4j.properties, but no luck.  There is
        also the generic_logger.xml and generic_logger.properties.

        This line of code
        from org.apache.accumulo.server.security.AuditedSecurityOperation is
        relevant:


            public static final String AUDITLOG = "Audit";
            public static final Logger audit = Logger.getLogger(AUDITLOG);


        I want to stop this logger.

        Regards,
        Dylan Hutchison
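
The lookup order described in the reply at the top of this thread, as an added example (not code from the thread or from Accumulo): it resolves which logger file a given server process would read and what that file says about the "Audit" logger. The function names, the sample conf directory and the fallback to generic_logger.* are assumptions made for this example.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

def resolve_logger_config(conf_dir, process):
    """First existing file in the order given in the reply: %s_logger.xml,
    then %s_logger.properties. The generic_logger.* fallback is an assumption."""
    names = [f"{process}_logger.xml", f"{process}_logger.properties",
             "generic_logger.xml", "generic_logger.properties"]
    for name in names:
        path = os.path.join(conf_dir, name)
        if os.path.isfile(path):
            return path
    return None

def audit_level(path):
    """Level set for the "Audit" logger in this file, or None when the file
    does not mention it (the logger then inherits from the root logger)."""
    if path.endswith(".xml"):
        for logger in ET.parse(path).getroot().iter("logger"):
            if logger.get("name") == "Audit":
                level = logger.find("level")
                return level.get("value") if level is not None else None
        return None
    with open(path) as fh:
        for line in fh:
            m = re.match(r"\s*log4j\.logger\.Audit\s*=\s*([^,\s]+)", line)
            if m:
                return m.group(1)
    return None

def demo():
    """Constructed conf directory: Audit is OFF only in generic_logger.xml."""
    files = {
        # Simplified, constructed XML; a real file carries the log4j DOCTYPE.
        "generic_logger.xml": '<configuration><logger name="Audit">'
                              '<level value="OFF"/></logger></configuration>',
        "tserver_logger.properties": "log4j.rootLogger=INFO, A1\n",
        "log4j.properties": "log4j.logger.Audit=WARN\n",  # client-only file
    }
    with tempfile.TemporaryDirectory() as conf:
        for name, body in files.items():
            with open(os.path.join(conf, name), "w") as fh:
                fh.write(body)
        paths = {p: resolve_logger_config(conf, p) for p in ("tserver", "gc")}
        return {p: (os.path.basename(f), audit_level(f)) for p, f in paths.items()}

if __name__ == "__main__":
    for process, (name, level) in demo().items():
        print(f"{process}: {name} -> Audit level {level}")
```

In the constructed directory the tserver picks up its own properties file, which never mentions Audit, so the OFF in generic_logger.xml and the WARN in log4j.properties have no effect on it.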

