Filter keyspaces
Locate the cassandra.yaml configuration file.
The location of this file depends on your installation type.
-
Package installations
-
Tarball installations
/etc/hcd/cassandra/cassandra.yamlINSTALLATION_LOCATION/resources/cassandra/conf/cassandra.yamlReplace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
Configure which keyspaces to capture in the audit_logging_options section of the cassandra.yaml.
audit_logging_options:
enabled: true
logger:
- class_name: LOGGER_NAME
# included_categories:
# excluded_categories:
# included_keyspaces:
# excluded_keyspaces:where LOGGER_NAME is SLF4JAuditWriter or CassandraAuditWriter.
By default, both keyspace parameters are commented out and therefore all events are captured. Use only one of the following parameters to limit which events are captured:
-
included_keyspaces: Includes only matching keyspaces; excludes all others.When specifying that keyspaces are part of an access list by enabling the parameter
included_keyspaces,AUTHmessages are not captured. -
excluded_keyspaces- Excludes matching keyspaces; includes all others.
Match keypsaces using a comma separated list of names or a single regular expression.
Example
The system local keyspace is queried on every log in, the following exclusion will show login events without showing additional queries to the system_local keyspace.
audit_logging_options:
enabled: true
logger:
- class_name: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
excluded_keyspaces: system_local