CassandraAuditWriter table columns

When logging audit data to a database table using the CassandraAuditWriter logger, the audit data is stored in the dse_audit.audit_log table. This table has the following columns.

Audit log table columns
Column Description

date

Date of the event.

node

DSE node address.

day_partition

event_time

The system timestamp of the event.

batch_id

The UUID of the batch query the event was grouped with when written to Cassandra.

category

The event category.

keyspace_name

The keyspace of the event.

operation

The query or event description.

source

The IP address of the client.

table_name

The table affected by the event.

type

The type of the event.

username

The authenticated user triggering the event. If authentication isn’t enabled, the user is anonymous.

Using cqlsh, a SELECT statement can access the data if a user/role has permission:

SELECT * FROM dse_audit.audit_log;

with sample output from a DSE Graph query:

 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 57ff2dc0-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | null | null |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 57ffa2f0-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 57ffca00-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58001820-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58001821-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58008d50-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 5800db70-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 5800db71-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58012990-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58019ec0-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 58019ec1-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |        test |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 5bb86530-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |   dse_audit |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 6dfac5d0-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | QUORUM | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 6dfbb030-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 6dfbb031-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | QUORUM | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 70c70530-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null |  dse_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 70c70531-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | QUORUM |  dse_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 78fb6480-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |   dse_audit |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 7aadcf70-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 7aadf680-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | QUORUM | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 7aaee0e0-3827-11e6-9ea9-2f93eec587f0 | null |   DML |   null | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 7aaee0e1-3827-11e6-9ea9-2f93eec587f0 | null | QUERY | QUORUM | test_system |
 2016-06-22 00:00:00+0000 | 127.0.0.1 | 10800 | 8195b190-3827-11e6-9ea9-2f93eec587f0 | null | QUERY |    ONE |   dse_audit |
RequestMessage{, requestId=941d2e1a-7cc9-4c80-8c28-dccb799840b7, op='eval', processor='session', args={gremlin=g.V().count(),
  aliases={g=testQSagain.g}, session=d179c734-813f-4a3e-89d6-bd756b4fcf57, bindings={}, manageTransaction=true, batchSize=64}}         | /127.0.0.1:60647 |         null | GRAPH_TINKERPOP_TRAVERSAL |   unknown
 SELECT "community_id", "member_id" FROM "test"."meal_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                          |         /0.0.0.0 |       meal_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |       meal_p |                CQL_SELECT |    system
 SELECT "community_id", "member_id" FROM "test"."ingredient_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                    |         /0.0.0.0 | ingredient_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 | ingredient_p |                CQL_SELECT |    system
 SELECT "community_id", "member_id" FROM "test"."author_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                        |         /0.0.0.0 |     author_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |     author_p |                CQL_SELECT |    system
 SELECT "community_id", "member_id" FROM "test"."book_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                          |         /0.0.0.0 |       book_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |       book_p |                CQL_SELECT |    system
 SELECT "community_id", "member_id" FROM "test"."recipe_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                        |         /0.0.0.0 |     recipe_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |     recipe_p |                CQL_SELECT |    system
 SELECT "community_id", "member_id" FROM "test"."reviewer_p" WHERE "~~vertex_exists" = ? LIMIT ? ALLOW FILTERING;                      |         /0.0.0.0 |   reviewer_p |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |   reviewer_p |                CQL_SELECT |    system
 select * from audit_log ;                                                                                                             |       /127.0.0.1 |    audit_log |                CQL_SELECT | anonymous
 SELECT last_updated FROM "test_system".shared_data WHERE dataspace = ?;                                                               |         /0.0.0.0 |  shared_data |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |  shared_data |                CQL_SELECT |    system
 SELECT last_updated FROM "test_system".shared_data WHERE dataspace = ?;                                                               |         /0.0.0.0 |  shared_data |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |  shared_data |                CQL_SELECT |    system
 SELECT last_updated FROM "dse_system".shared_data WHERE dataspace = ?;                                                                |         /0.0.0.0 |  shared_data |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |  shared_data |                CQL_SELECT |    system
 select * from audit_log ;                                                                                                             |       /127.0.0.1 |    audit_log |                CQL_SELECT | anonymous
 SELECT last_updated FROM "test_system".shared_data WHERE dataspace = ?;                                                               |         /0.0.0.0 |  shared_data |     CQL_PREPARE_STATEMENT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |  shared_data |                CQL_SELECT |    system
 Query string not found in prepared statement cache [bind variable values unavailable]                                                 |         /0.0.0.0 |  shared_data |                CQL_SELECT |    system
 select * from audit_log ;                                                                                                             |       /127.0.0.1 |    audit_log |                CQL_SELECT | anonymous

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com