Filter event categories
Configure which categories to capture in the audit_logging_options
section of the cassandra.yaml
file.
The location of the cassandra.yaml
configuration file depends on your installation type.
-
Package installations
-
Tarball installations
/etc/hcd/cassandra/cassandra.yaml
INSTALLATION_LOCATION/resources/cassandra/conf/cassandra.yaml
Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
audit_logging_options:
enabled: true
logger:
- class_name: LOGGER_NAME
# included_categories:
# excluded_categories:
where LOGGER_NAME
is SLF4JAuditWriter
or CassandraAuditWriter
.
Category types
By default, HCD captures all event categories when auditing is enabled, and the following parameters are commented out.
Use either the included_categories
or excluded_categories
parameter to limit which categories are captured.
-
included_categories
: Includes only listed categories; excludes all others. -
excluded_categories
: Excludes listed categories; includes all others.
Audit logging event categories and types
All events have both a category and a type.
A type usually maps directly to a CQL
command.
The following list shows all the types in each category.
Data Definition Language (DDL)
DDL (Data Definition Language) logs the following database schema changes:
Event category | CQL commands |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Data Manipulation Language (DML)
DML (Data Manipulation Language) logs the following database data changes:
Event category | CQL command |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
DataStax driver prepared statement, such as Java - Prepared Statement |
|
Data Control Language (DCL)
DCL (Data Control Language) logs the following database control, or role or permission changes:
Event category | CQL command |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
QUERY
QUERY logs the following data retrieval events:
Event type | CQL or other command |
---|---|
|
|
|
Remote Procedure Call (RPC) statement. |
AUTH
AUTH logs the following authentication and authorization events:
Event type | CQLSH command |
---|---|
|
Successful login attempt. LOGIN and login requests sent from DataStax drivers. |
|
Failed login attempt. |
|
Unauthorized access attempt. |
ERROR
ERROR logs the following error events:
Event type | Information |
---|---|
ERROR |
Logs |
REQUEST_FAILURE |
Logs failed requests. |
UNKNOWN
UNKNOWN logs the following unknown events:
Event type | Information |
---|---|
|
Logs unknown events. |
Example
Include only data retrieval and manipulation events:
audit_logging_options:
enabled: true
logger:
- class_name: SLF4JAuditWriter
included_categories: QUERY, DDL, AUTH
# excluded_categories: