Set up database auditing
Capture Hyper-Converged Database (HCD) activity to a log file or table. Each node only records the events that happen locally. Use the configuration to refine the type of events captured. DSE provides the following customizations:
-
Keyspace filtering: Capture activity in every keyspace or only targeted keyspaces. Filter keyspace names using
regex
. -
Category filtering: Identify event categories to limit the number of events captured.
-
Role filtering: Track the activity of particular users or groups by their login role name.
-
Node specific: Enable auditing on one or more nodes. Allows auditing of only specific nodes, an entire datacenter, or the whole cluster.
Configure logging levels, mask sensitive data, and for the The location of the
|
Choose a file versus table
Audit logging options are configured on a per node basis and therefore can be different on each node. HCD supports the following methods to record database activity:
-
Log file (per node): The
SLF4JAuditWriter
[Simple Logging Facade for Java (SLF4J
) Audit Writer] logger records all database activity that occurs on the local node to theaudit.log
file. When tracing a multi-node request, collect and parse log files from all the nodes that participated. -
Unified table: The
CassandraAuditWriter
logger records all database activity that happens on the local node in thehcd_audit.audit_log
table. Events from all nodes with the logger enabled are captured in the same table. This allows you to easily create reports that include multiple nodes.