Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[YCQL] Support Audit Logging #5887

Closed
m-iancu opened this issue Sep 30, 2020 · 1 comment
Closed

[YCQL] Support Audit Logging #5887

m-iancu opened this issue Sep 30, 2020 · 1 comment
Assignees
@frozenspider

Comments

@m-iancu
Copy link
Contributor

m-iancu commented Sep 30, 2020
edited
Loading

Configuration

We should be able to configure what to audit along three dimensions: (statement or event) categories, users, and keyspaces. Each of them should be configurable either by inclusion (listing all statement categories, users, or keyspaces to be audited) or by exclusion (listing all statement categories, users, or keyspaces to be excluded from auditing).

Flag Valid Values Description
ycql_enable_audit_log false (default) or true. Whether to enable YCQL audit, default false.
ycql_audit_included_categories empty (default) or comma-separated list of statement categories. categories to be audited.
ycql_audit_excluded_categories empty (default) or comma-separated list of statement categories. categories to be excluded from auditing.
ycql_audit_included_users empty (default) or comma-separated list of users. users to be audited.
ycql_audit_excluded_users empty (default) or comma-separated list of users. users to be excluded from auditing.
ycql_audit_included_keyspaces empty (default) or comma-separated list of keyspaces. keyspaces to be audited.
ycql_audit_excluded_keyspaces empty or comma-separated list of keyspaces. Most system keyspaces are excluded by default. keyspaces to be excluded from auditing.
ycql_audit_log_level INFO, WARNING, or ERROR (default ERROR). Severity level at which an audit will be logged.

Audit Categories

The valid statement categories are described in the table below.

Audit Category Covered YCQL statements or wire-protocol events
QUERY SELECT
DML INSERT, UPDATE, DELETE, BEGIN TRANSACTION, and batch statements.
DDL TRUNCATE, CREATE/ALTER/DROP KEYSPACE/TABLE/INDEX/TYPE
DCL LIST USERS/ROLES/PERMISSIONS, GRANT, REVOKE, CREATE/ALTER/DROP ROLE
AUTH Login error, login attempt, login success
PREPARE Prepared statement
ERROR Request failure
OTHER USE , EXPLAIN

Output format

Each audit log record should have the following components:

Field Notes
user User name (if available)
host IP of the node where the command is being executed
source IP address from where the request initiated
port Port number from where the request initiated
timestamp Unix timestamp (in milliseconds)
type Type of the request (SELECT, INSERT, etc.,)
category Category of the request (DDL, DML, etc.,)
ks Keyspace on which request is targeted to be executed (if applicable)
scope Target of the current operation, such as the table, user, type, or keyspace name for corresponding CREATE, ALTER, or DROP commands.
operation The YCQL command being executed.
@m-iancu
Copy link
Contributor Author

m-iancu commented Sep 30, 2020

Fixed by fdec43a.

@m-iancu m-iancu closed this as completed Sep 30, 2020
@m-iancu m-iancu mentioned this issue Sep 30, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@frozenspider frozenspider

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@frozenspider @m-iancu