No not really. In general, Knox deals in HTTP requests and doesn't know what is in those requests. There is no parsing in Knox of the actual request data. A request comes to Knox an then is based through to the backend.
In the case of Hive JDBC over HTTP, a single "action" is typically multiple HTTP requests and aren't correlated easily at Knox. Some examples of HTTP requests; * Open connection * Create statement * Execute statement * Get resultset (do this for N number of batches of results) * Close statement * Close connection All of the above are separate HTTP requests that get passed down to HiveServer2. Knox doesn't know what the requests mean other than they need to go to HS2. If you are looking for audit for actions taken, you need to get that from the backend service that knows what action was taken. Kevin Risden On Mon, Feb 3, 2020 at 9:15 AM Yunus Durmuş <yu...@yanis.co> wrote: > Hi everyone, > > I would like to log every Hive query that runs via Knox. The audit > functionality shows that there is some activity by user X, but it does not > show the action itself. > When a security incident occurs, I should be able to figure out who > accesses what and when. > > cheers > yunus > >
