Sam, Paulo,
One more question on logging. Can I add IP and hostname to the log message?
If it is possible, can you give me example of how I would need to
change <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern> to add this
information?
Thanks,
Oleg
On Tue, Jan 26, 2016 at 4:42 PM, oleg yusim <olegyu...@gmail.com> wrote:
> Sam, Paulo,
>
> Thank you very much for explanations and references.
>
> Oleg
>
> On Mon, Jan 25, 2016 at 10:08 AM, Sam Tunnicliffe <s...@beobal.com> wrote:
>
>> Paulo is correct in saying that C* doesn't have a direct equivalent of
>> SecurityContextHolder. Authenticated principal info is retrievable from the
>> QueryState during query execution but a) this isn't available to every
>> method in the call chain and b) its scope is limited to the coordinator for
>> the request. That is, it isn't serialized and included in the read/mutation
>> messages which the coordinator distributes to the replicas. So you could
>> produce a level of audit trail by providing a custom QueryHandler (See
>> CASSANDRA-6659) that logs each statement along with the principal. But if
>> the goal is indeed that "every log message in file should start with
>> username of the user, who initiated this action", it's isn't really
>> feasible right now
>>
>> On Mon, Jan 25, 2016 at 3:52 PM, Paulo Motta <pauloricard...@gmail.com>
>> wrote:
>>
>>> That would work, but afaik Cassandra doesn't have an equivalent of
>>> RequestContextHolder/SecurityContextHolder that is able to retrieve the
>>> user/session of a given thread/request (maybe I'm wrong as I'm no auth
>>> expert), so if these don't exist we'd need to add equivalent to those or do
>>> it via MDC (set the context when request arrives, propagate to down stream
>>> threads, cleanup), which can become quite messy as shown in CASSANDRA-7276.
>>>
>>> For CQL statements perhaps the query tracing infrastructure could be
>>> reused to provide that info, but that would require further investigation.
>>> See CASSANDRA-1123 for more details on that.
>>>
>>> 2016-01-25 12:30 GMT-03:00 oleg yusim <olegyu...@gmail.com>:
>>>
>>>> Paulo,
>>>>
>>>> Ideally - all the actions (security purposes, preserving completness of
>>>> the audit trail). How about this approach:
>>>> http://www.codelord.net/2010/08/27/logging-with-a-context-users-in-logback-and-spring-security/
>>>> ?
>>>> Would that work? Or you would rather suggest to go MDC way?
>>>>
>>>> Thanks,
>>>>
>>>> Oleg
>>>>
>>>> On Mon, Jan 25, 2016 at 9:23 AM, Paulo Motta <pauloricard...@gmail.com>
>>>> wrote:
>>>>
>>>>> What kind of actions? nodetool/system actions or cql statements?
>>>>>
>>>>> You could probably achieve identity-based logging with logback Mapped
>>>>> Diagnostic Context (MDC - logback.qos.ch/manual/mdc.html), but you'd
>>>>> need to patch your own Cassandra jars in many locations to provide that
>>>>> information to the logging context, so not exactly a trivial thing to do.
>>>>> We tried using that to print ks/cf names on log messages but it became a
>>>>> bit messy due to the SEDA architecture as you need to patch executors to
>>>>> inherit identifiers from parent threads and cleanup afterwards. See
>>>>> CASSANDRA-7276 for more background.
>>>>>
>>>>> 2016-01-25 12:09 GMT-03:00 oleg yusim <olegyu...@gmail.com>:
>>>>>
>>>>>> I want to try to re-phrase my question here... what I'm trying to
>>>>>> achieve is identity-based logging. I.e. every log message in file should
>>>>>> start with username of the user, who initiated this action. Would that be
>>>>>> possible to achieve? If so, can you give me a brief example?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>> On Thu, Jan 21, 2016 at 2:57 PM, oleg yusim <olegyu...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Joel,
>>>>>>>
>>>>>>> Thanks for reference. What I'm trying to achieve, is to add the name
>>>>>>> of the user, who initiated logged action. I tried c{5}, but what I see
>>>>>>> is
>>>>>>> that;
>>>>>>>
>>>>>>> TRACE [GossipTasks:1] c{5} 2016-01-21 20:51:17,619 Gossiper.java:700
>>>>>>> - Performing status check ...
>>>>>>>
>>>>>>> I think, I'm missing something here. Any suggestions?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Oleg
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jan 21, 2016 at 1:30 PM, Joel Knighton <
>>>>>>> joel.knigh...@datastax.com> wrote:
>>>>>>>
>>>>>>>> Cassandra uses logback as its backend for logging.
>>>>>>>>
>>>>>>>> You can find information about configuring logging in Cassandra by
>>>>>>>> searching for "Configuring logging" on docs.datastax.com and
>>>>>>>> selecting the documentation for your version.
>>>>>>>>
>>>>>>>> The documentation for PatternLayouts (the pattern string about
>>>>>>>> which you're asking) in logback is available in the logback manual
>>>>>>>> under
>>>>>>>> the section for Conversion Words
>>>>>>>> http://logback.qos.ch/manual/layouts.html#conversionWord
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jan 21, 2016 at 1:21 PM, oleg yusim <olegyu...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Greetings,
>>>>>>>>>
>>>>>>>>> Guys, can you, please, point me to documentation on how to
>>>>>>>>> configure format of logs? I want make it clear, I'm talking about
>>>>>>>>> formatting i.e. this:
>>>>>>>>>
>>>>>>>>> <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>
>>>>>>>>>
>>>>>>>>> What if I want to add another parameters into this string? Is
>>>>>>>>> there a list of available parameters here and syntax?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Oleg
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> <http://www.datastax.com/>
>>>>>>>>
>>>>>>>> Joel Knighton
>>>>>>>> Cassandra Developer | joel.knigh...@datastax.com
>>>>>>>>
>>>>>>>> <https://www.linkedin.com/company/datastax>
>>>>>>>> <https://www.facebook.com/datastax> <https://twitter.com/datastax>
>>>>>>>> <https://plus.google.com/+Datastax/about>
>>>>>>>> <http://feeds.feedburner.com/datastax>
>>>>>>>> <https://github.com/datastax/>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
