Managing audit logs
DSE Advanced Replication provides replication audit logging and commands to manage the audit logs with metadata configuration.
Audit logs are stored on the source cluster and are handled by the audit log analyzer (
The audit log analyzer reads the log files, including audit log files in GZIP (
.gz) format, that might be incomplete because they are still being written or they were improperly closed.
The audit log analyzer identifies the list of files which match the template that is defined with the
audit_log_file configuration key and that have exceeded the maximum time interval since they were written to.
Purging is based on these criteria.
Global settings apply to the entire source cluster.
These global settings are stored in the CQL table
dse_system.advrep_source_config that is automatically created.
To define configuration keys to change global settings, use the
dse advrep conf update command.
The audit log files are read/write (RW) only for the file owner, with no permissions for other users.
The time stamp for all writes is UTC (Universal Time Coordinated ).
Enable replication audit logging:
dse advrep conf update --audit-log-enabled true
The default base audit log directory is
/var/lib/cassandra/advrep/auditlog. To define a different directory for storing audit log files:
dse advrep conf update --audit-log-file /tmp/auditAdvRep
If the configured audit log file is a relative path, then the log files be placed in the default base directory. If the configured audit log file is an absolute path, then that path is used.
To compress the audit log output using the gzip file format:
dse advrep conf update --audit-log-compression GZIP --audit-log-file /tmp/auditAdvRep/myaudit.gz
The default value is
NONEfor compression. If
.gzis not appended to the audit log filename in the command, it is appended to the created files. Compressed audit log files remain locked until rotated out; the active file cannot be opened.
Specify the time interval to rotate the audit log file. On rotation, the rotated file is appended with the log counter [
.logcounter], incrementing from [
0]. To disable rotation, set to
dse advrep conf update --audit-log-rotate-mins 120
For example, the compressed file from the last step can be uncompressed after rotating out to
Specify the maximum lifetime of audit log files.
After audit log files are rotated, they are periodically purged when the log files:
Match the audit log file
And have not been written to for more than the specified maximum lifespan minutes To disable purging, set to
dse advrep conf update --audit-log-max-life-span-mins 120
Restart the node to enable the changes.
When logging is enabled, log files that would be overwritten are moved to a subdirectory in the log directory. The subdirectory is named
0until an unused directory is identified and created.