Filter keyspaces
Locate the cassandra.yaml configuration file. The location of this file depends on the type of installation:
-
Package installations:
/etc/hcd/cassandra/cassandra.yaml -
Tarball installations:
<installation_location>/resources/cassandra/conf/cassandra.yaml
Configure which keyspaces to capture in the audit_logging_options section of the cassandra.yaml.
audit_logging_options:
enabled: true
logger:
- class_name: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
# excluded_keyspaces:where <logger_name> is SLF4JAuditWriter or CassandraAuditWriter.
By default, both keyspace parameters are commented out and therefore all events are captured. Use only one of the following parameters to limit which events are captured:
-
included_keyspaces: Includes only matching keyspaces; excludes all others.When specifying that keyspaces are part of an access list by enabling the parameter
included_keyspaces,AUTHmessages are not captured. -
excluded_keyspaces- Excludes matching keyspaces; includes all others.
Match keypsaces using a comma separated list of names or a single regular expression.
Example
The system local keyspace is queried on every log in, the following exclusion will show login events without showing additional queries to the system_local keyspace.
audit_logging_options:
enabled: true
logger:
- class_name: <logger_name>
# included_categories:
# excluded_categories:
# included_keyspaces:
excluded_keyspaces: system_local