Configuring and using data auditing
Auditing is implemented as a log4j-based integration.
Auditing is implemented as a log4j-based integration. DataStax Enterprise places the audit log in the directory indicated by a log4j.property. After the file reaches a threshold, it rolls over, and the file name is changed. The file names include a numerical suffix determined by the maxBackupIndex.
The audit logger logs information on the node set up for logging. For example, node 0 has audit turned on, node 1 does not. Issuing updates and other commands on node 1 does not generally show up on node 0’s audit log. To get the maximum information from data auditing, turn on data auditing on every node. The log4j supports data stored on the file system or in Cassandra.
Auditing is configured through a text file in the file system, so the file is vulnerable to OS-level security breaches. Store the file on an OS-level encrypted file system using Vormetric, for example, to secure it.
Audit logging of queries and prepared statements submitted to the DataStax Java Driver, which uses the CQL binary protocol, is supported.
When using audit logging with Kerberos authentication, the login events take place on Kerberos and are not logged in DataStax Enterprise. Authentication history is available only on Kerberos. When DataStax Enterprise is unable to authenticate a client with Kerberos, a LOGIN_ERROR event is logged.
Configuring data auditing
You can configure which categories of audit events should be logged and also whether operations against any specific keyspaces should be omitted from audit logging.
Procedure
Example
The audit log section of the log4j-server.properties file should look something like this:
log4j.logger.DataAudit=INFO, A log4j.additivity.DataAudit=false log4j.appender.A=org.apache.log4j.RollingFileAppender log4j.appender.A.File=/var/log/cassandra/audit.log log4j.appender.A.bufferedIO=true log4j.appender.A.maxFileSize=200MB log4j.appender.A.maxBackupIndex=5 log4j.appender.A.layout=org.apache.log4j.PatternLayout log4j.appender.A.layout.ConversionPattern=%m%n log4j.appender.A.filter.1=com.datastax.bdp.cassandra.audit.AuditLogFilter log4j.appender.A.filter.1.ActiveCategories=ALL log4j.appender.A.filter.1.ExemptKeyspaces=do_not_log,also_do_not_log