Filtering keyspaces
Locate the dse.yaml
configuration file. The location of this file depends on the type of installation:
-
Package installations:
/etc/dse/dse.yaml
-
Tarball installations:
<installation_location>/resources/dse/conf/dse.yaml
Configure which keyspaces to capture in the audit_logging_options
section of the dse.yaml
.
audit_logging_options:
enabled: true
logger: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
# excluded_keyspaces:
where <logger_name>
is SLF4JAuditWriter
or CassandraAuditWriter
.
By default, both keyspace parameters are commented out and therefore all events are captured. Use only one of the following parameters to limit which events are captured:
-
included_keyspaces
- Includes only matching keyspaces; excludes all others.When specifying that keyspaces are part of an access list by enabling the parameter
included_keyspaces
,AUTH
messages are not captured. -
excluded_keyspaces
- Excludes matching keyspaces; includes all others.
Match keypsaces using a comma separated list of names or a single regular expression.
Example
The system local keyspace is queried on every log in, the following exclusion will show login events without showing additional queries to the system_local keyspace.
audit_logging_options:
enabled: true
logger: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
excluded_keyspaces: system_local