Configuring audit logging to a logback log file
Configuring audit logging in DataStax Enterprise.
If you've enabled audit logging and set the logger to output to the SLF4JAuditWriter
as described in Configuring and using data auditing, you can configure the logger
by setting options in logback.xml. DataStax Enterprise places
the audit log in the directory defined in the
logback.xml configuration file. After the log file
reaches the configured size threshold, it rolls over, and the log file name is
changed. The file names include a numerical suffix that is determined by the
maxBackupIndex
property.
Installer-Services and Package installations | /etc/dse/cassandra/conf/logback.xml |
Installer-No Services and Tarball installations | install_location/resources/cassandra/conf/logback.xml |
Because auditing is configured through a text file in the file system, the file is vulnerable to OS-level security breaches. You can address this issue by changing DataStax Enterprise's umask setting to change the permissions to 600 on the audit files by default. Be aware that if other tools look at the data, changing this setting can cause read problems. Alternately, you can store the audit file on an OS-level encrypted file system such as Vormetric.
Configuring data auditing
You can configure which categories of audit events to log, and whether to omit operations against specific keyspaces from audit logging.