Given that the current audit log also includes the majority of read-only
operations (getfileinfo, liststatus, etc.) it seems to me that the audit log's
purpose has changed to be more of a record of both modifications and queries
against the file system's metadata. The delegation token related operations
match closely with what is currently in the audit log. Our team was also
surprised to find that they were not currently present. Especially given that
we have HDFS-6888 to limit the size of the audit log by omitting common
operations, it does not seem harmful to add these token ops.
Erik
On 8/14/17, 5:44 PM, "Allen Wittenauer" <a...@apache.org> wrote:
[You don't often get email from a...@apache.org. Learn why this is
important at http://aka.ms/LearnAboutSenderIdentification.]
On 2017-08-14 11:52, Xiao Chen <x...@cloudera.com> wrote:
> When inspecting the code, I found that the following methods in
> FSNamesystem are not audit logged:
...
> I checked with ATM hoping for some history, but no known to him. Anyone
> know the reason to not audit log these?
The audit log was designed for keeping track of things that
actually change the contents/metadata of the file system. Other HDFS operations
were getting logged to the NN log or some other more appropriate to limit the
noise.
https://effectivemachines.com/2017/03/08/unofficial-history-of-the-hdfs-audit-log/
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
