Managing audit logs

Use metadata configuration to manage the DSE Advanced Replication replication load audit logs.

DSE Advanced Replication provides replication audit logging and commands to manage the audit logs with metadata configuration. Audit logs are stored on the edge cluster and are handled by the audit log analyzer (AuditLogAnalyzer). The audit log analyzer reads the log files, including audit log files in .gzip format, even when those files are incomplete because they are still being written or were improperly closed. The audit log analyzer identifies the files that match the template defined with the replication_log_audit_log_file configuration key and that have exceeded the maximum time interval since they were last written to. Purging is based on these criteria.

Global settings apply to the entire edge cluster. These global settings are stored in the CQL table dse_system.advrep_conf, which is created automatically. To define configuration keys that change global settings, you can use the dse advrep command line tool or write directly to the CQL table. The audit log files are read/write (RW) only for the file owner, with no permissions for other users.

Procedure

  1. Enable replication audit logging:
    dse advrep edge conf replication_log_audit_log_enabled true
  2. To compress the audit log output file using gzip file format:
    dse advrep edge conf replication_log_audit_log_file_gzipped true
  3. The default file name prefix template is /tmp/advrep_rl_audit.log. To define a different file name template for the audit log file:
    dse advrep edge conf replication_log_audit_log_file /tmp/advrep_audit_store1.log
  4. Specify the time interval to rotate the audit log file. On rotation, the rotated file is appended with the log counter .[logcounter], incrementing from [0]. To disable rotation, set to 0.
    dse advrep edge conf replication_log_audit_log_file_rotate_time_mins 120
  5. Specify the maximum lifetime of audit log files.
    After audit log files are rotated, they are periodically purged when the log files:
    • Match the replication_log_audit_log_file template
    • And have not been written to for more than the specified maximum lifespan minutes

    To disable purging, set to 0.

    dse advrep edge conf replication_log_audit_log_file_rotate_time_max_lifespan_mins 120
  6. Restart the node to enable the changes.
    When logging is enabled, log files that would be overwritten are moved to a subdirectory in the log directory. The subdirectory is named archive_x, where x increments from 0 until an unused directory is identified and created.
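
The following check is an added example, not part of the DSE tooling or documentation. It lists audit log files that match the replication_log_audit_log_file template and reports which ones have permissions wider than owner read/write and which ones have been idle longer than the maximum lifespan. The function name check_audit_logs is hypothetical. The example assumes that rotated and gzipped files keep the template file name as a prefix and that the time a file was last written to can be approximated by its modification time.

```python
import glob
import stat
import time
from pathlib import Path

def check_audit_logs(template, max_lifespan_mins, now=None):
    """Return (loose_perms, purge_due): paths of audit log files that match
    the template and are, respectively, accessible beyond the owner or idle
    for longer than the maximum lifespan."""
    now = time.time() if now is None else now
    tmpl = Path(template)
    loose_perms, purge_due = [], []
    # Assumption: rotated and gzipped files keep the template file name as a
    # prefix (for example a ".0" counter suffix), so match on that prefix.
    for path in sorted(tmpl.parent.glob(glob.escape(tmpl.name) + "*")):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories and symlinks are skipped
        # The page states owner read/write only: any group/other bit is a finding.
        if st.st_mode & 0o077:
            loose_perms.append(str(path))
        # Assumption: "last written to" is approximated by mtime.
        # A lifespan of 0 disables purging, as in the procedure above.
        idle_mins = (now - st.st_mtime) / 60
        if max_lifespan_mins > 0 and idle_mins > max_lifespan_mins:
            purge_due.append(str(path))
    return loose_perms, purge_due

if __name__ == "__main__":
    # Values taken from the procedure: default template, 120-minute lifespan.
    loose, due = check_audit_logs("/tmp/advrep_rl_audit.log", 120)
    for p in loose:
        print("permissions wider than owner-only:", p)
    for p in due:
        print("past maximum lifespan, expect purge:", p)
```

Files reported as past the maximum lifespan are the ones to copy elsewhere first if they must be retained beyond the purge.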