View events from HCD audit table
The hcd_audit.audit_log table stores database activity events for all nodes that have auditing enabled with the CassandraAuditWriter logger.
Use CQL to query the table and view results.
|
Set the replication factor for the |
audit_log columns
The audit log table contains all events from nodes that have auditing enabled.
HCD parses the events into the following columns.
|
In |
| Column | Type | Description |
|---|---|---|
|
timestamp |
Date of the event. (Partition column 1) |
|
inet |
HCD node IP address. (Partition column 2) |
|
int |
Current hour of the day * 3600, using GMT. (Partition column 3) |
|
timeuuid |
A TIMEUUID generated when the event began. (Clustering column) |
|
text |
User name or id used to login. |
|
uuid |
The UUID of the batch query the event was grouped with when written to Cassandra. |
|
text |
|
|
text |
Request consistency level. |
|
text |
Keyspace name where the event occurred. |
|
text |
Event description and CQL request if applicable. |
|
text |
Client IP address. |
|
text |
Table name where the event occurred if applicable. |
|
text |
The type of the event. See types in each category. |
|
text |
HCD role name of the logged in user. |
Example Output
The following is an example of audit log output:
date | node | day_partition | event_time | authenticated | batch_id | category | consistency | keyspace_name | operation | source | table_name | type | username
2023-01-01 12:00:00 | 127.0.0.1 | 43200 | uuid-1 | admin | uuid-2 | QUERY | ONE | test | SELECT * FROM users | 127.0.0.1 | users | CQL_SELECT | admin