Details
-
Brainstorming
-
Status: Closed
-
Major
-
Resolution: Abandoned
-
0.95.2
-
None
-
None
Description
Currently, AccessControler takes care of both generating audit events (by performing access checks) and storing them (by creating a log message and writing it to the AUDITLOG logger).
This makes the logging system the only way to catch audit events. It means that if someone wants to do something fancier (like writing these records to a database somewhere), they need to hack through the logging system, and parse the messages generated by AccessController, which is not optimal.
The attached patch decouples generation and storage by introducing a new interface, used by AccessController, to log the audit events. The current, log-based storage is kept in place so that current users won't be affected by the change.
I'm filing this as an RFC at this point, so the patch is not totally clean; it's on top of HBase 0.92 (which is easier for me to test) and doesn't have any unit tests, for starters. But the changes should be very similar on trunk - I don't remember changes in this particular area of the code between those versions.
Attachments
Attachments
Issue Links
- relates to
-
HDFS-3680 Allow customized audit logging in HDFS FSNamesystem
-
- Closed
-