Configuring audit logging to a log4j log file
Configure DataStax Enterprise to log activity to a log4j log file.
The location of the log4j-server.properties file depends on the type of installation:
- Installer-Services and Package installations: /etc/dse/cassandra/log4j-server.properties
- Installer-No Services and Tarball installations: install_location/resources/log4j-appender/log4j-server.properties
You can configure DataStax Enterprise to log activity to a log4j log file. DataStax Enterprise places the audit log in the directory indicated in the log4j-server.properties configuration file. After the file reaches a configurable size threshold, it rolls over, and the file name is changed. The file names include a numerical suffix determined by the maxBackupIndex property.
- Auditing is configured through a text file in the file system, so the file is vulnerable to OS-level security breaches. To address this issue, change DataStax Enterprise's umask setting so that the audit files are created with 600 permissions by default. Be aware that if other tools read the data, changing this setting can cause read problems. Alternatively, you can store the audit file on an OS-level encrypted file system such as Vormetric.
Configuring data auditing
You can configure which categories of audit events should be logged and also whether operations against any specific keyspaces should be omitted from audit logging.
Procedure
Example
By default, the audit log section of the log4j-server.properties file looks like this:
log4j.logger.DataAudit=INFO, A
log4j.additivity.DataAudit=false
log4j.appender.A=org.apache.log4j.RollingFileAppender
log4j.appender.A.File=/var/log/cassandra/audit.log
log4j.appender.A.bufferedIO=true
log4j.appender.A.maxFileSize=200MB
log4j.appender.A.maxBackupIndex=5
log4j.appender.A.layout=org.apache.log4j.PatternLayout
log4j.appender.A.layout.ConversionPattern=%m%n
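The following added example (not DataStax code) checks the 600-permission recommendation above against the appender settings shown: it reads the DataAudit appender's File and maxBackupIndex values, builds the list of active and rolled-over file names, and reports any existing file that grants more than owner read/write. The function names and the temporary-directory sample data are constructed for illustration.

```python
import os
import stat
import tempfile

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_files(props, logger="DataAudit"):
    """Return the active audit log path plus every possible rolled backup."""
    # The logger line is "<level>, <appender name>", e.g. "INFO, A".
    appender = props["log4j.logger." + logger].split(",")[1].strip()
    prefix = "log4j.appender.%s." % appender
    base = props[prefix + "File"]
    # RollingFileAppender keeps one backup when maxBackupIndex is not set.
    backups = int(props.get(prefix + "maxBackupIndex", "1"))
    return [base] + ["%s.%d" % (base, i) for i in range(1, backups + 1)]

def too_permissive(paths):
    """Return (path, octal mode) for existing files that grant more than 600."""
    findings = []
    for path in paths:
        if not os.path.exists(path):
            continue  # this backup has not been rolled yet
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & ~0o600:
            findings.append((path, oct(mode)))
    return findings

def demo():
    """Constructed sample: a temp directory stands in for /var/log/cassandra."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "audit.log")
        conf = ("log4j.logger.DataAudit=INFO, A\n"
                "log4j.appender.A=org.apache.log4j.RollingFileAppender\n"
                "log4j.appender.A.File=%s\n"
                "log4j.appender.A.maxBackupIndex=5\n" % log)
        for name, mode in ((log, 0o600), (log + ".1", 0o644)):
            open(name, "w").close()
            os.chmod(name, mode)
        found = too_permissive(audit_files(parse_properties(conf)))
        return [(os.path.basename(p), m) for p, m in found]
```

To check a real node, pass the contents of its log4j-server.properties to parse_properties and run too_permissive on the result of audit_files as a user that can stat the log directory.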