Thanks for the reply. @Arp

From the commit in
https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml#L3190,
I think by default the configuration is empty.

In a related ticket, https://issues.apache.org/jira/browse/HDFS-9828, it's
also recommended not to disable READ audit logs.

Currently, we have only enabled audit for READ in our UAT cluster, and the
requests/second is not very high; in the PROD cluster, it should be quite a
bit higher.

IMHO, the read audit log is quite useful; the problem is that we don't have
a way, like HDFS has, to exclude some read operations. If we have a
similar exclude mechanism, is it OK to enable the READ operation audit log by
default?


Thanks
Yiyang

Arpit Agarwal <aagar...@cloudera.com.invalid> wrote on Mon, Apr 4, 2022 at 12:01:

> Hi Janus,
>
> Performance will be the main concern. In busy HDFS clusters admins are
> likely to use dfs.namenode.audit.log.debug.cmdlist.
>
> Have you enabled read audit logging in your Ozone cluster? What is the
> number of requests/second?
>
> Thanks,
> Arpit
>
>
> > On Apr 3, 2022, at 7:58 PM, Janus Chow <yiyang0...@gmail.com> wrote:
> >
> > Hi Ozone dev,
> >
> > When checking the audit logs from Ozone components, we found that by
> > default Ozone only logs WRITE operations. In order to enable the audit log
> > for READ operations, we need to change the configurations in
> > audit-log4j2.properties.
> > That brings some confusion for users when comparing it to some other
> > storage systems, like HDFS, in which audit logs are enabled for both READ
> > and WRITE by default.
> >
> > We have a Jira ticket (https://issues.apache.org/jira/browse/HDDS-6532) and
> > PR (https://github.com/apache/ozone/pull/3255) about adding audit logs for
> > READ operations by default.
> > Could you help to check and comment if there are any specific concerns
> > not to enable READ audit logs?
> >
> > Yiyang
> > Thank you very much.
>