Set up database auditing
Capture Hyper-Converged Database (HCD) activity to a log file or table. Each node only records the events that happen locally. Use the configuration to refine the type of events captured. DSE provides the following customizations:
- Keyspace filtering: Capture activity in every keyspace or only targeted keyspaces. Filter keyspace names using regex.
- Category filtering: Identify event categories to limit the number of events captured.
- Role filtering: Track the activity of particular users or groups by their login role name.
- Node specific: Enable auditing on one or more nodes. Allows auditing of only specific nodes, an entire datacenter, or the whole cluster.
You can configure logging levels, mask sensitive data, and, for the log file, set the file name, location, size threshold, and max log files in the logback.xml file.
The location of the logback.xml file depends on your installation type.
- Package installations: /etc/hcd/cassandra/logback.xml
- Tarball installations: INSTALLATION_LOCATION/resources/cassandra/conf/logback.xml
  Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
Choose a file versus table
Audit logging options are configured on a per-node basis and can therefore differ from node to node. HCD supports the following methods to record database activity:
- Log file (per node): The SLF4JAuditWriter [Simple Logging Facade for Java (SLF4J) Audit Writer] logger records all database activity that occurs on the local node to the audit.log file. When tracing a multi-node request, collect and parse log files from all the nodes that participated.
- Unified table: The CassandraAuditWriter logger records all database activity that happens on the local node in the hcd_audit.audit_log table. Events from all nodes with the logger enabled are captured in the same table. This allows you to easily create reports that include multiple nodes.
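For the log file option, tracing a multi-node request means merging the audit.log files collected from each participating node. The Python sketch below is an added example, not part of the HCD documentation: it assumes each audit entry is a run of pipe-separated key:value fields starting at host: with an epoch-millisecond timestamp field (a layout modelled on the DSE audit log format), and the function names, field list, and sample lines are constructed for illustration.

```python
import re

# Assumed field names (DSE-style audit entry layout); not taken from this page.
KEYS = {"host", "source", "user", "authenticated", "timestamp", "category",
        "type", "batch", "ks", "cf", "operation", "consistency level"}

def parse_entry(line):
    """Parse one audit.log line into a dict; return None for non-audit lines."""
    start = line.find("host:")
    if start < 0:
        return None
    entry, last = {}, None
    for part in line[start:].rstrip("\n").split("|"):
        key, sep, value = part.partition(":")
        if sep and key in KEYS:
            entry[key], last = value, key
        elif last:
            entry[last] += "|" + part  # a '|' inside the CQL text split the field
    if not entry.get("timestamp", "").isdigit():
        return None
    entry["timestamp"] = int(entry["timestamp"])
    return entry

def merge_nodes(logs_by_node, keyspace_regex=None, role=None):
    """Merge per-node audit lines into one timeline ordered by event timestamp."""
    ks_re = re.compile(keyspace_regex) if keyspace_regex else None
    events = []
    for node, lines in logs_by_node.items():
        for line in lines:
            e = parse_entry(line)
            if e is None or (role and e.get("user") != role):
                continue
            if ks_re and not ks_re.fullmatch(e.get("ks", "")):  # full-name match is this example's choice
                continue
            events.append({**e, "node": node})
    return sorted(events, key=lambda e: (e["timestamp"], e["node"]))

# Constructed sample lines (not real HCD output); the log prefix is also assumed.
PREFIX = "INFO  SLF4JAuditWriter - "
SAMPLE = {
    "node1": [PREFIX + "host:/10.0.0.1|source:/10.0.0.9|user:app_rw|authenticated:app_rw|timestamp:1714557600120|category:DML|type:CQL_UPDATE|ks:payments|cf:ledger|operation:UPDATE payments.ledger SET note='a|b' WHERE id=1|consistency level:QUORUM",
              "INFO  Starting listening for CQL clients"],
    "node2": [PREFIX + "host:/10.0.0.2|source:/10.0.0.9|user:app_rw|authenticated:app_rw|timestamp:1714557600095|category:QUERY|type:CQL_SELECT|ks:payments|cf:ledger|operation:SELECT * FROM payments.ledger WHERE id=1|consistency level:QUORUM",
              PREFIX + "host:/10.0.0.2|source:/10.0.0.7|user:admin|authenticated:admin|timestamp:1714557600100|category:DCL|type:LIST_ROLES|ks:system_auth|operation:LIST ROLES"],
}

if __name__ == "__main__":
    for e in merge_nodes(SAMPLE, keyspace_regex="payments"):
        print(e["timestamp"], e["node"], e["user"], e["type"], e["operation"])
```

The merged order is only as reliable as clock synchronization between the nodes, since each node stamps its own events.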