On Tue, 14 Jan 2025 at 17:00, Dmitry Konstantinov <netud...@gmail.com> wrote:
> Hi all,
>
>> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogManager.java#L204
>
> I suppose this logic should work during a startup:
> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogManager.java#L109
> , shouldn't it?
> It would be very strange to have it as an expected behavior: to manually
> enable audit every time after a startup when it is configured as enabled in
> a config file.

Hi Dmitry,

> Sebastian, what is the exact version of Cassandra you use?

Current version is 4.1.7

>>> But when i emit an event that should appear in the audit log (i.e. try
>>> login with wrong password), i do not see it
> Sebastian, how do you check the event presence in the log?

I use the FileAuditLogger which, because I keep the logback config part for audit log commented, logs to the system log and there I can see the audit events (but only after I enabled it via nodetool).

On startup:
INFO [main] 2025-01-15 09:03:34,265 AuditLogManager.java:73 - Audit logging is enabled.

nodetool enableauditlog:
INFO [RMI TCP Connection(2)-127.0.0.1] 2025-01-15 09:25:23,553 StorageService.java:6477 - AuditLog is enabled with configuration: AuditLogOptions{enabled=true, logger='FileAuditLogger', included_keyspaces='', excluded_keyspaces='system,system_schema,system_virtual_schema', included_categories='DCL,ERROR,AUTH', excluded_categories='', included_users='', excluded_users='', audit_logs_dir='logs/audit', archive_command='', roll_cycle='HOURLY', block=true, max_queue_weight=268435456, max_log_size=17179869184, max_archive_retries=10}

connect with cqlsh shows in system.log:
INFO [Native-Transport-Requests-1] 2025-01-15 09:29:24,670 FileAuditLogger.java:51 - user:cassandra|host:localhost/127.0.0.1:7000 |source:/127.0.0.1|port:54930|timestamp:1736929764670|type:LOGIN_SUCCESS|category:AUTH|operation:LOGIN SUCCESSFUL
INFO [Native-Transport-Requests-11] 2025-01-15 09:29:24,774 FileAuditLogger.java:51 - user:cassandra|host:localhost/127.0.0.1:7000 |source:/127.0.0.1|port:54931|timestamp:1736929764774|type:LOGIN_SUCCESS|category:AUTH|operation:LOGIN SUCCESSFUL

I assume that it doesn't have to do anything with that I do not set logback up to write into a separate file. System.log is just fine for me. I guess I am missing another toggle to switch on or sth.

Thx,
Sebastian.

> Regards,
> Dmitry
>
> On Tue, 14 Jan 2025 at 15:41, Štefan Miklošovič <smikloso...@apache.org>
> wrote:
>
>> Hi Sebastian,
>>
>> the behaviour you see seems to be a conscious decision:
>>
>> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogManager.java#L204
>>
>> On Tue, Jan 14, 2025 at 4:21 PM Sebastian Albrecht <
>> sebastian.albre...@agido.com> wrote:
>>
>>> Hi,
>>> I am using cassandra 4.1 and I want to activate audit logging. I set the
>>> following values in cassandra.yml and expect that logging starts after the
>>> next cassandra start:
>>> audit_logging_options:
>>>   enabled: true
>>>   logger:
>>>     - class_name: FileAuditLogger
>>>   included_categories: DCL, ERROR, AUTH
>>>
>>> After startup it is also logging: AuditLogManager.java:77 - Audit
>>> logging is enabled.
>>> But when I emit an event that should appear in the audit log (i.e. try
>>> login with wrong password), I do not see it. I have to explicitly enable it
>>> via nodetool for the audit logs to be seen. After cassandra restart it
>>> seems to be disabled again.
>>> Anyone also came across that?
>>>
>>> Thx,
>>> Sebastian.
>
> --
> Dmitry Konstantinov

--
Sebastian Albrecht
agido GmbH | agido.com
Hörder Hafenstrasse 11 (S.E.A.House)
44263 Dortmund
Amtsgericht Dortmund: HRB 20179
USt-IdNr.: DE287205768
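
A check for the symptom described in this thread, as an added example that is not part of the original messages or of Cassandra's own code: it parses system.log lines in the format quoted above and reports whether any FileAuditLogger events appear between the startup "Audit logging is enabled." message and the runtime enable logged by StorageService. The function names and the sample log are constructed for illustration, and an empty window can also simply mean that no auditable activity happened in it.

```python
import re

# Constructed sample modelled on the system.log lines quoted in the thread
# (the AuditLogOptions dump is abbreviated).
SAMPLE_LOG = """\
INFO [main] 2025-01-15 09:03:34,265 AuditLogManager.java:73 - Audit logging is enabled.
INFO [RMI TCP Connection(2)-127.0.0.1] 2025-01-15 09:25:23,553 StorageService.java:6477 - AuditLog is enabled with configuration: AuditLogOptions{enabled=true, logger='FileAuditLogger'}
INFO [Native-Transport-Requests-1] 2025-01-15 09:29:24,670 FileAuditLogger.java:51 - user:cassandra|host:localhost/127.0.0.1:7000 |source:/127.0.0.1|port:54930|timestamp:1736929764670|type:LOGIN_SUCCESS|category:AUTH|operation:LOGIN SUCCESSFUL
INFO [Native-Transport-Requests-11] 2025-01-15 09:29:24,774 FileAuditLogger.java:51 - user:cassandra|host:localhost/127.0.0.1:7000 |source:/127.0.0.1|port:54931|timestamp:1736929764774|type:LOGIN_SUCCESS|category:AUTH|operation:LOGIN SUCCESSFUL
"""

# level, [thread], "date time", Source.java:line, message
LINE = re.compile(r"^\w+\s+\[.*?\] (?P<ts>\S+ \S+) (?P<src>\w+)\.java:\d+ - (?P<msg>.*)$")

def parse_event(msg):
    """Parse one FileAuditLogger 'key:value|key:value' record into a dict."""
    # 'operation' is the last field and its text may itself contain '|'.
    head, _, operation = msg.partition("|operation:")
    fields = (f.split(":", 1) for f in head.split("|") if ":" in f)
    event = {k.strip(): v.strip() for k, v in fields}
    event["operation"] = operation
    return event

def audit_gap(log_text):
    """Report the startup announcement, the runtime enable, and the audit events seen."""
    report = {"startup": None, "runtime_enable": None, "events": []}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, msg = m["src"], m["msg"]
        if src == "AuditLogManager" and "Audit logging is enabled" in msg:
            report["startup"] = m["ts"]
        elif src == "StorageService" and msg.startswith("AuditLog is enabled"):
            report["runtime_enable"] = m["ts"]
        elif src == "FileAuditLogger":
            report["events"].append((m["ts"], parse_event(msg)))
    # Timestamps share one fixed-width format, so string comparison orders them.
    first = report["events"][0][0] if report["events"] else None
    report["silent_until_runtime_enable"] = bool(
        report["startup"] and report["runtime_enable"]
        and (first is None or first > report["runtime_enable"]))
    return report

if __name__ == "__main__":
    print(audit_gap(SAMPLE_LOG))
```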