cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Per Otterström (JIRA) <>
Subject [jira] [Commented] (CASSANDRA-14498) Audit log does not include statements on some system keyspaces
Date Thu, 07 Jun 2018 06:31:00 GMT


Per Otterström commented on CASSANDRA-14498:

bq. are there any use cases where you would to audit system keyspaces?

One use case would be to get audit logs on all operations from selected users.

bq. auditing these generate lot of noise as C* calls system keyspaces in many places

Internal calls in C* will not come through the audit logger. Right? I've observed that client
drivers will emit some queries on their own. This typically happens when a user login or when
there are schema changes. But that only represents a fraction of all operations coming from
a client.

The problem I see with a hard coded filter is that it will not only filter out queries from
the driver, but also any query issued by the client application on those keyspaces.

The decision should be with the administrator of the cluster and it will still be possible
to whitelist these queries with configuration. We could add some documentation on this so
that users will not get surprised when they see queries in the log that they didn't expect.

> Audit log does not include statements on some system keyspaces
> --------------------------------------------------------------
>                 Key: CASSANDRA-14498
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Per Otterström
>            Priority: Major
>              Labels: audit, lhf, security
>             Fix For: 4.0
> Audit logs does not include statements on the "system" and "system_schema" keyspace.
> It may be a common use case to whitelist queries on these keyspaces, but Cassandra should
not make assumptions. Users who don't want these statements in their audit log are still able
to whitelist them with configuration.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message