Enable audit logging to a file

Use Simple Logging Facade for Java (SLF4J) audit writer (SLF4JAuditWriter) logger to record all database activity that occurs on the local node to the audit.log file. Secure the log file by controlling access using standard Linux file system permissions.

Hyper-Converged Database (HCD) does not support data encryption for the audit.log file. Encryption is only available for the hcd_audit.audit_log table.

audit.log

The location of the audit.log file is:

  • /var/log/cassandra/audit/audit.log

To capture events to the audit.log file:

  1. Locate the cassandra.yaml configuration file. The location of this file depends on the type of installation:

    • Package installations: /etc/hcd/cassandra/cassandra.yaml

    • Tarball installations: <installation_location>/resources/cassandra/conf/cassandra.yaml

  2. Set the audit_logging_options in the cassandra.yaml file:

audit_logging_options:
    enabled: true
    logger:
      - class_name: SLF4JAuditWriter

  • enabled: true - Turns on logging after the next start up.

  • logger: SLF4JAuditWriter - Logger name.

In the Cassandra log directory, HCD creates audit/audit.log. After the log file reaches the configured size threshold, it rolls over, and the log file name is changed. The file names include a numerical suffix that is determined by the maxBackupIndex property.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax, an IBM Company | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com