Re: Disscuss of enabling READ audit log by default

2022-04-18 Thread Janus Chow
Hello, The feature to exclude certain operations for audit log is ready: https://github.com/apache/ozone/pull/3289 Please help to review. We also noticed it might be inconvenient for users to update the configuration, since it needs to r

Re: Disscuss of enabling READ audit log by default

2022-04-06 Thread Janus Chow
Hello, @Arp @feihui, Thanks for the reply. Have created a ticket for the feature to exclude operations on demand. ( https://issues.apache.org/jira/browse/HDDS-6562) Thanks Yiyang Arpit Agarwal 于2022年4月6日周三 21:36写道: > Hi Yiyang, > > +1 to enable if we have a way to exclude on demand. >

Re: Disscuss of enabling READ audit log by default

2022-04-06 Thread Arpit Agarwal
Hi Yiyang, +1 to enable if we have a way to exclude on demand. Thanks, Arpit > On Apr 3, 2022, at 9:37 PM, Janus Chow wrote: > > Thanks for the reply. @Arp > > From the commit in > https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml

Re: Disscuss of enabling READ audit log by default

2022-04-06 Thread Hui Fei
Thanks for starting this discussion. I also prefer to enable READ audit. In my experience data security is very important. Janus Chow 于2022年4月4日周一 10:59写道: > Hi Ozone dev, > > When checking the audit logs from Ozone components, we found that by > default Ozone only logs WRITE operations. In orde

Re: Disscuss of enabling READ audit log by default

2022-04-03 Thread Janus Chow
Thanks for the reply. @Arp >From the commit in https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml#L3190, I think by default the configuration is empty. In a releted ticket, https://issues.apache.org/jira/browse/HDFS-9828, It's also reco

Re: Disscuss of enabling READ audit log by default

2022-04-03 Thread Arpit Agarwal
Hi Janus, Performance will be the main concern. In busy HDFS clusters admins are likely to use dfs.namenode.audit.log.debug.cmdlist. Have you enabled read audit logging in your Ozone cluster? What is the number of requests/second? Thanks, Arpit > On Apr 3, 2022, at 7:58 PM, Janus Chow wrote

Disscuss of enabling READ audit log by default

2022-04-03 Thread Janus Chow
Hi Ozone dev, When checking the audit logs from Ozone components, we found that by default Ozone only logs WRITE operations. In order to enable the audit log for READ operations, we need to change the configurations in audit-log4j2.properties. That brings some confusion for users when comparing it