Hello,
Cassandra 4.1.7, running in a Docker container.
Audit settings:
# nodetool -u jmx -pw password getauditlog
enabled true
logger FileAuditLogger
audit_logs_dir /opt/cassandra/logs/audit
archive_command
roll_cycle HOURLY
block true
max_log_size 17179869184
max_queue_weight 268435456
max_archive_retries 10
included_keyspaces uat_chat_api
excluded_keyspaces system, system_schema, system_virtual_schema
included_categories
excluded_categories
included_users
excluded_users
(also tried with included_categories="QUERY,DML,DDL,DCL,OTHER,AUTH,ERROR,PREPARE")
Logger settings:
root@ip-172-22-4-62:/etc/cassandra# cat logback.xml
<configuration scan="true">
  <jmxConfigurator />
  <!-- STDOUT console appender to stdout (INFO level) -->
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
      <level>INFO</level>
    </filter>
    <encoder>
      <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern>
    </encoder>
  </appender>
  <root level="INFO">
    <appender-ref ref="STDOUT" />
  </root>
  <logger name="org.apache.cassandra" level="INFO"/>
  <logger name="com.thinkaurelius.thrift" level="ERROR"/>
</configuration>
A simple SELECT query:
user@cqlsh> select * from uat_chat_api.channel where channel_id = 8200b205-9211-43ec-8487-20ecf8f037ff limit 1
does appear in the log:
INFO [Native-Transport-Requests-1] 2025-03-31 11:38:50,731 FileAuditLogger.java:51 - user:user|host:cass-uat-1.firecamp-uat-firecamp.com/172.22.4.62:7000|source:/172.22.4.189|port:53232|timestamp:1743421130722|type:SELECT|category:QUERY|ks:uat_chat_api|scope:channel|operation:select * from uat_chat_api.channel where channel_id = 8200b205-9211-43ec-8487-20ecf8f037ff limit 1;
However, the GRANT/REVOKE queries:
user@cqlsh> grant MODIFY ON KEYSPACE uat_chat_api to reaper;
user@cqlsh> revoke MODIFY ON KEYSPACE uat_chat_api from reaper;
do not. Any ideas why?
Please help.
--
Best regards,
Alex Kolesnik