[
https://issues.apache.org/jira/browse/HADOOP-13396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427641#comment-15427641
]
Xiao Chen commented on HADOOP-13396:
------------------------------------
Thanks Wei-Chiu and Andrew for the great reviews!!
I will need more time to come back with the comments, but here's a sample
output, pending to roll back the URL changes. (Getting from running the
{{testAuditLogFormat}} tests from both, which is exactly the same as what it
would show in actual audit log files.)
Text:
{noformat}
OK[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=1ms] testmsg
OK[op=GENERATE_EEK, user=luser] testmsg
OK[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=5ms] testmsg
UNAUTHORIZED[op=DECRYPT_EEK, key=k4, user=luser]
ERROR[user=luser] Method:'method' Exception:'testmsg' url:'url'
UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'
{noformat}
Json:
{noformat}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583567510,"allowed":true,"result":"OK","accessCount":"1","extraMessage":"testmsg","interval":"2","key":"k4"}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583567538,"allowed":true,"result":"OK","extraMessage":"testmsg"}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"GENERATE_EEK","eventTime":1471583568543,"allowed":true,"result":"OK","accessCount":"1","extraMessage":"testmsg","interval":"1035","key":"k4"}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"DECRYPT_EEK","eventTime":1471583568544,"allowed":false,"result":"UNAUTHORIZED","extraMessage":"","key":"k4"}
{"username":"luser","impersonator":"null!","ipAddress":"Unknown","operation":"Unknown","eventTime":1471583568544,"allowed":false,"result":"ERROR","extraMessage":"Method:'method'
Exception:'testmsg' url:'url'"}
{"username":"null!","impersonator":"null!","ipAddress":"remotehost","operation":"Unknown","eventTime":1471583568545,"allowed":false,"result":"UNAUTHENTICATED","extraMessage":"RemoteHost:remotehost
Method:method URL:url ErrorMsg:'testmsg'"}
{noformat}
> Add json format audit logging to KMS
> ------------------------------------
>
> Key: HADOOP-13396
> URL: https://issues.apache.org/jira/browse/HADOOP-13396
> Project: Hadoop Common
> Issue Type: New Feature
> Components: kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13396.01.patch, HADOOP-13396.02.patch,
> HADOOP-13396.03.patch, HADOOP-13396.04.patch, HADOOP-13396.05.patch,
> HADOOP-13396.06.patch
>
>
> Currently, KMS audit log is using log4j, to write a text format log.
> We should refactor this, so that people can easily add new format audit logs.
> The current text format log should be the default, and all of its behavior
> should remain compatible.
> A json format log extension is added using the refactored API, and being
> turned off by default.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
