Filter keyspaces
Locate the cassandra.yaml
configuration file.
The location of this file depends on your installation type.
-
Package installations
-
Tarball installations
/etc/hcd/cassandra/cassandra.yaml
INSTALLATION_LOCATION/resources/cassandra/conf/cassandra.yaml
Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
Configure which keyspaces to capture in the audit_logging_options
section of the cassandra.yaml
.
audit_logging_options:
enabled: true
logger:
- class_name: LOGGER_NAME
# included_categories:
# excluded_categories:
# included_keyspaces:
# excluded_keyspaces:
where LOGGER_NAME
is SLF4JAuditWriter
or CassandraAuditWriter
.
By default, both keyspace parameters are commented out and therefore all events are captured. Use only one of the following parameters to limit which events are captured:
-
included_keyspaces
: Includes only matching keyspaces; excludes all others.When specifying that keyspaces are part of an access list by enabling the parameter
included_keyspaces
,AUTH
messages are not captured. -
excluded_keyspaces
- Excludes matching keyspaces; includes all others.
Match keypsaces using a comma separated list of names or a single regular expression.
Example
The system local keyspace is queried on every log in, the following exclusion will show login events without showing additional queries to the system_local keyspace.
audit_logging_options:
enabled: true
logger:
- class_name: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
excluded_keyspaces: system_local