On Tue, 14 Jan 2025 at 17:02, Andrew Weaver <andrewjwea...@gmail.com> wrote:
> I can confirm that on 4.0.x it works as expected because we use this > extensively. > Hi Andrew, that is good to hear. Although i also tried it with the latest 4.0.15 and see worse behaviour: Activating auditlog with nodetool shows in syslog: INFO [RMI TCP Connection(2)-127.0.0.1] 2025-01-15 10:05:44,688 StorageService.java:6083 - AuditLog is enabled with logger: [FileAuditLogger{}], included_keyspaces: [], excluded_keyspaces: [system,system_schema,system_virtual_schema], included_categories: [ERROR, AUTH, DCL], excluded_categories: [], included_users: [], excluded_users: [], archive_command: [] But login with cqlsh does not show in syslog. Logback conf is the same as in 4.1.7. What do i miss? Thx, Sebastian. > > On Tue, Jan 14, 2025, 10:00 AM Jeff Jirsa <jji...@gmail.com> wrote: > >> Surprising. Feels like something that should change. If it’s enabled in >> yaml, why WOULDNT we want it started on start? >> >> >> >> On Jan 14, 2025, at 7:40 AM, Štefan Miklošovič <smikloso...@apache.org> >> wrote: >> >> Hi Sebastian, >> >> the behaviour you see seems to be a conscious decision: >> >> >> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogManager.java#L204 >> >> On Tue, Jan 14, 2025 at 4:21 PM Sebastian Albrecht < >> sebastian.albre...@agido.com> wrote: >> >>> Hi, >>> i am using cassandra 4.1 and i want activate audit logging. I set the >>> following values in cassandra.yml and expect that logging starts after the >>> next cassandra start: >>> audit_logging_options: >>> enabled: true >>> logger: >>> - class_name: FileAuditLogger >>> included_categories: DCL, ERROR, AUTH >>> >>> After startup it is also logging: AuditLogManager.java:77 - Audit >>> logging is enabled. >>> But when i emit an event that should appear in the audit log (i.e. try >>> login with wrong password), i do not see it. I have to explicitly enable it >>> via nodetool for the audit logs to be seen. After cassandra restart it >>> seems to be disabled again. >>> Anyone also came across that? >>> >>> Thx, >>> Sebastian. >>> >> >> -- Sebastian Albrecht agido GmbH | agido.com Hörder Hafenstrasse 11 (S.E.A.House) 44263 Dortmund Amtsgericht Dortmund: HRB 20179 USt-IdNr.: DE287205768