[ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16419518#comment-16419518 ]

Hrishikesh Gadre commented on SOLR-12120:
-----------------------------------------

[~janhoy] Sorry for the late reply.
{quote}Should we strive to have only *one* audit log event per Solr request, or 
is it common to have multiple as currently done in this patch, i.e. one for 
successful authentication and another for authorization?
{quote}
I think there is no need to log authentication success events when 
authorization is configured. So in that case we can just track authentication 
failures. It may also be a good idea to support suppressing some of these 
events (e.g. a user may only care about actions performed by authenticated 
users. So we may not want to generate authentication failure events in that 
case).
{quote}Should we log internal requests, i.e. overseer actions, or requests 
stemming from auto-scaling triggers etc?{quote}
I don't think the audit log plugin needs to care about internal vs. external 
requests. It should just log every incoming request. At least this is how I 
have implemented audit logs for Solr in Sentry.
{quote}For distributed requests, should we log only on the first node, or on 
every replica that the request is distributed to?
{quote}
Same as above. Just by logging every incoming request, we can avoid all these 
complications.
> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> Solr needs a well defined plugin point to implement audit logging 
> functionality, which is independent from whatever {{AuthenticationPlugin}} or 
> {{AuthorizationPlugin}} are in use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It 
> could be configured in solr.xml or it could be a third type of plugin defined 
> in {{security.json}}, i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to call the audit plugin with an 
> AuditEvent at important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, 
> request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to 
> let it settle as people write their own plugin implementations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
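The event-filtering rules discussed in the comment above (suppress AUTHENTICATED success events when an AuthorizationPlugin is configured, make other event types suppressible, and log every incoming request regardless of whether it is an internal or distributed sub-request) as an added, runnable model. This is example code written for this page, not Solr's own code: SolrDispatchFilter, AuditLoggerPlugin, SolrAuditEvent and EventType are modelled as plain Python classes, the event names, the "suppress" key in the "auditlogging" section of security.json, and the sample requests are all assumptions of the model.

```python
"""Model of the AuditLoggerPlugin design discussed in SOLR-12120.

Added example, not Solr code. The security.json layout follows the issue
description; the "suppress" key, the EventType names and the request data
are constructed for this model.
"""
import json
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set


class EventType(Enum):
    AUTHENTICATED = "AUTHENTICATED"  # authentication succeeded
    AUTH_FAILED = "AUTH_FAILED"      # authentication failed
    AUTHORIZED = "AUTHORIZED"        # authorization granted, request ran
    UNAUTHORIZED = "UNAUTHORIZED"    # authorization denied


@dataclass
class Request:
    path: str
    user: Optional[str]       # principal presented; None = anonymous
    credentials_ok: bool      # what the modelled AuthenticationPlugin decides
    internal: bool = False    # overseer / shard sub-request; logged like any other


@dataclass
class AuditEvent:
    type: EventType
    request: Request


class AuditLogger:
    """Modelled AuditLoggerPlugin: applies suppression rules, then records."""

    def __init__(self, security_json: dict, sink: List[Dict]):
        cfg = security_json.get("auditlogging", {})
        self.sink = sink
        # Hypothetical "suppress" key: event types the operator does not want
        # (e.g. AUTH_FAILED when only authenticated users' actions matter).
        self.suppress: Set[EventType] = {EventType(t) for t in cfg.get("suppress", [])}
        # With an AuthorizationPlugin configured, an AUTHENTICATED success
        # event is redundant: the AUTHORIZED/UNAUTHORIZED event that follows
        # already implies a successful login, so only failures are kept.
        if "authorization" in security_json:
            self.suppress.add(EventType.AUTHENTICATED)

    def audit(self, event: AuditEvent) -> bool:
        """Returns True if the event was recorded, False if suppressed."""
        if event.type in self.suppress:
            return False
        r = event.request
        # No internal-vs-external distinction: every incoming request is logged.
        self.sink.append({"event": event.type.value, "path": r.path,
                          "user": r.user, "internal": r.internal})
        return True


def dispatch(req: Request, logger: AuditLogger, allowed: Set[str]) -> int:
    """Modelled SolrDispatchFilter: emits events at the authn and authz
    points and returns an HTTP-style status. `allowed` stands in for the
    AuthorizationPlugin's decision."""
    if not req.credentials_ok:
        logger.audit(AuditEvent(EventType.AUTH_FAILED, req))
        return 401
    logger.audit(AuditEvent(EventType.AUTHENTICATED, req))
    if req.user not in allowed:
        logger.audit(AuditEvent(EventType.UNAUTHORIZED, req))
        return 403
    logger.audit(AuditEvent(EventType.AUTHORIZED, req))
    return 200


# security.json in the shape proposed in the issue (class names are placeholders).
SECURITY_JSON = {
    "authentication": {"class": "solr.BasicAuthPlugin"},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin"},
    "auditlogging": {"class": "x.y.MyAuditLogger"},
}
# Same, but the operator only cares about what authenticated users did.
SECURITY_JSON_QUIET = {**SECURITY_JSON,
                       "auditlogging": {"class": "x.y.MyAuditLogger",
                                        "suppress": ["AUTH_FAILED"]}}


def run_scenario(security_json: dict) -> List[Dict]:
    """Replays four constructed requests and returns the audit records."""
    sink: List[Dict] = []
    logger = AuditLogger(security_json, sink)
    requests = [
        Request("/solr/c1/select", "alice", True),         # ok, authorized
        Request("/solr/c1/update", "bob", True),           # ok, forbidden
        Request("/solr/c1/select", "mallory", False),      # bad credentials
        Request("/solr/c1/select", "alice", True, True),   # shard sub-request
    ]
    for r in requests:
        dispatch(r, logger, allowed={"alice"})
    return sink


def render(records: List[Dict]) -> str:
    """One JSON line per audit record, as a file-based logger would write."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    print(render(run_scenario(SECURITY_JSON)))
```

With authorization configured, every request in the scenario yields exactly one audit record (the AUTHENTICATED event is dropped as redundant), which is the "one event per request" outcome the thread asks about; the shard sub-request is logged like any other, carrying only an `internal` flag for the consumer to filter on. The quiet configuration additionally drops the AUTH_FAILED record for the bad-credentials request.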
