ecaudit icon indicating copy to clipboard operation
ecaudit copied to clipboard
verified publisher icon Ericsson

Only login "Authentication attempt " operation is logged in Cassandra 3.11.6 Audit Log

Open rups789 opened this issue 5 years ago • 6 comments

Hello ,

I started to test audit plugin for Cassandra 3.11.6 and respective jar for the same ecaudit_c3.11-2.6.0.jar. on windows 10 64 bit machine.

I have Followed the steps as per https://github.com/Ericsson/ecaudit/blob/release/c3.0/doc/install.md

cqlsh prompt starts with - cqlsh ip -u cassandra -p pswd

Only login "Authentication attempt " operations are logged when tested from cqlsh prompt . Select ,insert,delete and other operations are not logged in the audit log file .

Followed the instructions given by Mr. eperott when the same issue was raised by Mr. ashokkoti on Oct 2, 2018.

Still I am not getting the expected result.

Whats the problem? Are there any extra steps needed to be followed !

Audit.log file contents: 10:05:42.254-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt 10:06:39.912-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt 10:06:40.245-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt 10:08:44.261-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt 10:08:44.604-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt 10:12:50.634-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt

Audit.yaml, cassandra.yaml and logback.xml -- updated files are attached herewith.

Thank You.

audit-yaml cassandra-yaml logback-xml

rups789 avatar Jun 24 '20 08:06 rups789

Thanks for the report!

Can you show content of your cassandra-env.sh as well - or the corresponding file for Windows deployments?

eperott avatar Jun 24 '20 11:06 eperott

cassandra-env-sh

rups789 avatar Jun 25 '20 08:06 rups789

I believe that you don't get any log records from queries because the custom_query_handler isn't picked up by Cassandra.

I have not tried Cassandra or ecAudit on Windows. But since you are deploying on Windows I believe you need to make these settings in the cassandra-env.ps1 file instead. I guess it should look something like this by the end:

...
    $env:JVM_EXTRA_OPTS="$env:JVM_EXTRA_OPTS -Dcassandra.custom_query_handler_class=com.ericsson.bss.cassandra.ecaudit.handler.AuditQueryHandler"
    $env:JVM_OPTS="$env:JVM_OPTS $env:JVM_EXTRA_OPTS"
}

Let me know if that works?

eperott avatar Jun 30 '20 17:06 eperott

Hi ! Thanks for reply. I tried the changes in the cassandra-env.ps1, but still queries are not getting logged in audit log. I am working with standalone machine. cassandra-env-ps1

rups789 avatar Jul 01 '20 07:07 rups789

Hey! Sorry for not responding earlier on this.

Were you able to solve this?

eperott avatar Sep 16 '20 19:09 eperott

Hi ! Not able to solve it on windows. Able to generate the log file from Ubuntu. But it will be helpful, if I could able to get it through windows machine.

rups789 avatar Sep 18 '20 06:09 rups789