On Tue, 14 Jan 2025 at 17:02, Andrew Weaver <andrewjwea...@gmail.com> wrote:
> I can confirm that on 4.0.x it works as expected because we use this
> extensively.
>
Hi Andrew,
that is good to hear. Although i also tried it with the latest 4.0.15 and
see worse behaviour: Activating auditlog with nodetool shows in syslog:
INFO [RMI TCP Connection(2)-127.0.0.1] 2025-01-15 10:05:44,688
StorageService.java:6083 - AuditLog is enabled with logger:
[FileAuditLogger{}], included_keyspaces: [], excluded_keyspaces:
[system,system_schema,system_virtual_schema], included_categories: [ERROR,
AUTH, DCL], excluded_categories: [], included_users: [], excluded_users:
[], archive_command: []
But login with cqlsh does not show in syslog. Logback conf is the same as
in 4.1.7. What do i miss?
Thx,
Sebastian.
>
> On Tue, Jan 14, 2025, 10:00 AM Jeff Jirsa <jji...@gmail.com> wrote:
>
>> Surprising. Feels like something that should change. If it’s enabled in
>> yaml, why WOULDNT we want it started on start?
>>
>>
>>
>> On Jan 14, 2025, at 7:40 AM, Štefan Miklošovič <smikloso...@apache.org>
>> wrote:
>>
>> Hi Sebastian,
>>
>> the behaviour you see seems to be a conscious decision:
>>
>>
>> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogManager.java#L204
>>
>> On Tue, Jan 14, 2025 at 4:21 PM Sebastian Albrecht <
>> sebastian.albre...@agido.com> wrote:
>>
>>> Hi,
>>> i am using cassandra 4.1 and i want activate audit logging. I set the
>>> following values in cassandra.yml and expect that logging starts after the
>>> next cassandra start:
>>> audit_logging_options:
>>> enabled: true
>>> logger:
>>> - class_name: FileAuditLogger
>>> included_categories: DCL, ERROR, AUTH
>>>
>>> After startup it is also logging: AuditLogManager.java:77 - Audit
>>> logging is enabled.
>>> But when i emit an event that should appear in the audit log (i.e. try
>>> login with wrong password), i do not see it. I have to explicitly enable it
>>> via nodetool for the audit logs to be seen. After cassandra restart it
>>> seems to be disabled again.
>>> Anyone also came across that?
>>>
>>> Thx,
>>> Sebastian.
>>>
>>
>>
--
Sebastian Albrecht
agido GmbH | agido.com
Hörder Hafenstrasse 11 (S.E.A.House)
44263 Dortmund
Amtsgericht Dortmund: HRB 20179
USt-IdNr.: DE287205768
