Auditing is implemented as a log4j-based integration. DataStax Enterprise places the
audit log in the directory indicated by a log4j property. After the file reaches a
size threshold, it rolls over and the file name is changed; the rolled file names
carry a numerical suffix, and the number of rolled files kept is determined by the
maxBackupIndex.
The audit logger records only the activity of the node on which logging is set up. For
example, if node 0 has auditing turned on and node 1 does not, updates and other
commands issued on node 1 generally do not appear in node 0's audit log. To get the
maximum information from data auditing, turn on data auditing on every node. The log4j
integration supports storing the audit data on the file system or in Cassandra.
Auditing is configured through a text file in the file system, so the file is
vulnerable to OS-level security breaches. To secure it, store the file on an OS-level
encrypted file system, using Vormetric, for example.
Audit logging of queries and prepared statements submitted through the DataStax Java
Driver, which uses the CQL binary protocol, is supported.
Configuring data auditing
You can configure which categories of audit events should be logged and also whether
operations against any specific keyspaces should be omitted from audit logging.
Procedure
- Open the log4j-server.properties file in the following directory.
  - Packaged installs: /etc/dse/cassandra
  - Tarball installs: /resources/cassandra/conf
- To configure data auditing, uncomment these properties and ensure that the
  default properties are set.
Property | Default | Description
--- | --- | ---
log4j.logger.DataAudit | INFO, A | Produces INFO-level logs and sends them to appender A.
log4j.additivity.DataAudit | false | Prevents logging to the root appender.
log4j.appender.A | org.apache.log4j.RollingFileAppender | Uses a rolling file appender: the log file rolls over when it reaches the configured size.
log4j.appender.A.File | /var/log/cassandra/audit.log | Sets the file and path of the log file.
log4j.appender.A.bufferedIO | true | True improves performance but the log is not real time; set to false for testing.
  To disable data auditing, comment out log4j.logger.DataAudit,
  log4j.additivity.DataAudit, and log4j.appender.A. This removes almost all of the
  auditing overhead. The log4j audit logger logs at INFO level, so the DataAudit
  logger must be configured at INFO (or a lower level) in log4j-server.properties.
  Setting the logger to a higher level, such as WARN, prevents any log events from
  being recorded, but it does not completely disable data auditing: some overhead
  remains beyond that of regular processing.
- Set other general options to tune the logging; for example, uncomment these
  properties and accept the following defaults:
  - log4j.appender.A.maxFileSize=200MB
  - log4j.appender.A.maxBackupIndex=5
  - log4j.appender.A.layout=org.apache.log4j.PatternLayout
  - log4j.appender.A.layout.ConversionPattern=%m%n
  - log4j.appender.A.filter.1=com.datastax.bdp.cassandra.audit.AuditLogFilter
- Uncomment and set log4j.appender.A.filter.1.ActiveCategories to ALL or to a
  combination of these settings:
  Setting | Logging
  --- | ---
  ADMIN | Logs describe schema versions, cluster name, version, ring, and other admin events
  ALL | Logs everything: DDL, DML, queries, and errors
  AUTH | Logs login events
  DML | Logs insert, update, delete, and other DML events
  DDL | Logs object and user create, alter, drop, and other DDL events
  DCL | Logs grant, revoke, create user, drop user, and list users events
  QUERY | Logs all queries
  Set the ActiveCategories property to a comma-separated list of the categories to
  include in the audit log output. By default, this list is empty, so unless you
  specify categories, no events are written to the log. Events are still generated
  even when they are not written, so set this property.
- You can disable logging for specific keyspaces. Set this property as follows to
  prevent logging of operations against the listed keyspaces:
  log4j.appender.A.filter.1.ExemptKeyspaces=do_not_log,also_do_not_log
  To prevent the audit logger from logging information about itself when using the
  Cassandra log4j appender, exempt the keyspace that the appender writes to from the
  appender logs.
Results
The audit log section of the log4j-server.properties file should look something like this:
log4j.logger.DataAudit=INFO, A
log4j.additivity.DataAudit=false
log4j.appender.A=org.apache.log4j.RollingFileAppender
log4j.appender.A.File=/var/log/cassandra/audit.log
log4j.appender.A.bufferedIO=true
log4j.appender.A.maxFileSize=200MB
log4j.appender.A.maxBackupIndex=5
log4j.appender.A.layout=org.apache.log4j.PatternLayout
log4j.appender.A.layout.ConversionPattern=%m%n
log4j.appender.A.filter.1=com.datastax.bdp.cassandra.audit.AuditLogFilter
log4j.appender.A.filter.1.ActiveCategories=ALL
log4j.appender.A.filter.1.ExemptKeyspaces=do_not_log,also_do_not_log
Restart the node to see changes in the log.
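Because the procedure above has several silent failure modes (a logger level above INFO, a missing appender, additivity left on, or an ActiveCategories list left empty, all of which record nothing while still costing overhead), a lint pass over each node's log4j-server.properties is a cheap way to confirm auditing is really on. The following checker is an added example and not DataStax code; the minimal .properties parser, the level list and the sample configuration are this example's own constructions.

```python
# Added example, not DataStax code: lint the DataAudit section of a DSE
# log4j-server.properties file for the failure modes the procedure describes.
LEVELS = ["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]  # log4j, verbose first
CATEGORIES = {"ADMIN", "ALL", "AUTH", "DML", "DDL", "DCL", "QUERY"}

def parse_properties(text):
    """Minimal .properties reader: key=value lines; '#'/'!' comment lines are absent from the result."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_audit_config(text):
    """Return a list of findings; an empty list means the audit config is sane."""
    p = parse_properties(text)
    logger = p.get("log4j.logger.DataAudit")
    if logger is None:
        return ["log4j.logger.DataAudit is commented out or missing: auditing is off"]
    parts = [x.strip() for x in logger.split(",")]
    level, appenders = parts[0].upper(), [a for a in parts[1:] if a]
    findings = []
    # The audit logger emits at INFO, so WARN or higher records nothing.
    if level not in LEVELS or LEVELS.index(level) > LEVELS.index("INFO"):
        findings.append(f"DataAudit level {level} is above INFO: no events are recorded")
    if not appenders:
        findings.append("DataAudit logger names no appender")
    if p.get("log4j.additivity.DataAudit", "").lower() != "false":
        findings.append("additivity is not false: events also reach the root appender")
    for a in appenders:
        if f"log4j.appender.{a}" not in p:
            findings.append(f"appender {a} is referenced but never defined")
        cats = p.get(f"log4j.appender.{a}.filter.1.ActiveCategories", "")
        chosen = {c.strip().upper() for c in cats.split(",") if c.strip()}
        if not chosen:  # the default: events are generated but none are written
            findings.append(f"appender {a}: ActiveCategories is empty, so nothing is logged")
        elif chosen - CATEGORIES:
            findings.append(f"appender {a}: unknown categories {sorted(chosen - CATEGORIES)}")
    return findings

# Constructed sample: the Results block with the level raised to WARN and
# ActiveCategories left commented out, two mistakes that silently log nothing.
BAD_CONFIG = """log4j.logger.DataAudit=WARN, A
log4j.additivity.DataAudit=false
log4j.appender.A=org.apache.log4j.RollingFileAppender
#log4j.appender.A.filter.1.ActiveCategories=ALL"""
```

Run lint_audit_config over the file from every node, since the page notes that a node only audits its own activity.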