Details
- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 3.3.4
- Fix Version/s: None
Description
We found that in other components (like the namenode in HDFS or the resourcemanager in YARN), the debug log and the audit log are recorded separately, except in RouterAdminServer.
There are lots of simple logs to help with debugging for the developers who can access the source code. And there are also audit logs that record privileged operations with more detailed information to help system admins understand what happened in a real run.
There is an example in YARN:

    try {
      // Safety
      userUgi = UserGroupInformation.getCurrentUser();
      user = userUgi.getShortUserName();
    } catch (IOException ie) {
      LOG.warn("Unable to get the current user.", ie); // debug log
      RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
          ie.getMessage(), "ClientRMService",
          "Exception in submitting application", applicationId,
          callerContext, submissionContext.getQueue()); // audit log
      throw RPCUtil.getRemoteException(ie);
    }
So I suggest adding an audit log to RouterAdminServer to save privileged operation logs separately.
The logger's name may be:

    // hadoop security
    public static final Logger AUDITLOG = LoggerFactory.getLogger(
        "SecurityLogger." + ServiceAuthorizationManager.class.getName());

    // namenode
    public static final Log auditLog = LogFactory.getLog(
        FSNamesystem.class.getName() + ".audit");
I finally chose className.audit, and record to AUDITLOG instead of LOG for the privileged operations that call the permission check function checkSuperuserPrivilege.
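As an added example (not code from this issue or from Hadoop), the proposed split for a hypothetical admin service: the developer LOG keeps the exception detail, while a separate `<className>.audit` logger records who attempted which privileged operation and whether the superuser check allowed it. The class name, the disableNameservice signature and the user/IP values are constructed for illustration; the privilege check is a stand-in for the real checkSuperuserPrivilege.

```java
import java.security.AccessControlException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical admin service showing the debug-log / audit-log split.
public class AdminServiceAuditExample {
  // Developer-facing log, as used throughout the code base.
  private static final Logger LOG =
      LoggerFactory.getLogger(AdminServiceAuditExample.class);
  // Separate audit logger named "<className>.audit", so the logging
  // configuration can route it to its own appender independently of LOG.
  public static final Logger AUDITLOG = LoggerFactory.getLogger(
      AdminServiceAuditExample.class.getName() + ".audit");

  private final String superuser;

  public AdminServiceAuditExample(String superuser) {
    this.superuser = superuser;
  }

  // Stand-in for the real checkSuperuserPrivilege(): rejects any caller
  // other than the configured superuser.
  void checkSuperuserPrivilege(String user) throws AccessControlException {
    if (!superuser.equals(user)) {
      throw new AccessControlException("Access denied for user " + user
          + ". Superuser privilege is required");
    }
  }

  // A privileged operation: the audit record carries who, from where,
  // what, and the outcome; LOG keeps the stack trace for developers.
  public boolean disableNameservice(String user, String remoteAddr,
      String nsId) {
    try {
      checkSuperuserPrivilege(user);
    } catch (AccessControlException e) {
      LOG.debug("Permission check failed for user {}", user, e);
      AUDITLOG.warn("allowed=false ugi={} ip={} cmd=disableNameservice ns={}",
          user, remoteAddr, nsId);
      return false;
    }
    LOG.debug("Disabling nameservice {}", nsId);
    AUDITLOG.info("allowed=true ugi={} ip={} cmd=disableNameservice ns={}",
        user, remoteAddr, nsId);
    return true;
  }

  public static void main(String[] args) {
    AdminServiceAuditExample svc = new AdminServiceAuditExample("hdfs");
    svc.disableNameservice("hdfs", "10.0.0.5", "ns1");  // constructed: allowed
    svc.disableNameservice("alice", "10.0.0.9", "ns1"); // constructed: denied
  }
}
```

The separation only takes effect once the `<className>.audit` logger is given its own appender in the logging configuration (in log4j 1.x properties form, `log4j.logger.<className>.audit=INFO,<appender>`); otherwise both loggers end up in the same output.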