Package org.apache.hadoop.hdfs.server.namenode

Class DefaultAuditLogger

java.lang.Object

org.apache.hadoop.hdfs.server.namenode.HdfsAuditLogger

org.apache.hadoop.hdfs.server.namenode.DefaultAuditLogger

All Implemented Interfaces:

AuditLogger

@Public
@Evolving
public abstract class DefaultAuditLogger
extends HdfsAuditLogger

This class provides an interface for Namenode and Router to Audit events information. This class can be extended and can be used when no access logger is defined in the config file.

Field Summary

Fields

Modifier and Type	Field	Description
protected int	callerContextMaxLen	The maximum bytes a caller context string can have.
protected int	callerSignatureMaxLen
protected Set<String>	debugCmdSet	List of commands to provide debug messages.
protected boolean	isCallerContextEnabled
protected boolean	logTokenTrackingId	adds a tracking ID for all audit log events.
protected static final ThreadLocal<StringBuilder>	STRING_BUILDER

Constructor Summary

Constructors

Constructor	Description
DefaultAuditLogger()

Method Summary

Modifier and Type	Method	Description
abstract void	initialize(Configuration conf)	Called during initialization of the logger.
abstract void	logAuditEvent(boolean succeeded, String userName, InetAddress addr, String cmd, String src, String dst, FileStatus status, CallerContext callerContext, UserGroupInformation ugi, org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager dtSecretManager)	Same as HdfsAuditLogger.logAuditEvent(boolean, String, InetAddress, String, String, String, FileStatus) with additional parameters related to logging delegation token tracking IDs.
abstract void	logAuditEvent(boolean succeeded, String userName, InetAddress addr, String cmd, String src, String dst, FileStatus status, UserGroupInformation ugi, org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager dtSecretManager)	Same as HdfsAuditLogger.logAuditEvent(boolean, String, InetAddress, String, String, String, FileStatus, CallerContext, UserGroupInformation, DelegationTokenSecretManager) without CallerContext information.
abstract void	logAuditMessage(String message)

Methods inherited from class org.apache.hadoop.hdfs.server.namenode.HdfsAuditLogger

logAuditEvent

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

STRING_BUILDER

protected static final ThreadLocal<StringBuilder> STRING_BUILDER

isCallerContextEnabled

protected volatile boolean isCallerContextEnabled

callerContextMaxLen

protected int callerContextMaxLen

The maximum bytes a caller context string can have.

callerSignatureMaxLen

protected int callerSignatureMaxLen

logTokenTrackingId

protected boolean logTokenTrackingId

adds a tracking ID for all audit log events.

debugCmdSet

protected Set<String> debugCmdSet

List of commands to provide debug messages.

Constructor Details

DefaultAuditLogger

public DefaultAuditLogger()

Method Details

initialize

public abstract void initialize(Configuration conf)

Description copied from interface: AuditLogger

Called during initialization of the logger.

Parameters:

conf - The configuration object.

logAuditMessage

public abstract void logAuditMessage(String message)

logAuditEvent

public abstract void logAuditEvent(boolean succeeded,
 String userName,
 InetAddress addr,
 String cmd,
 String src,
 String dst,
 FileStatus status,
 UserGroupInformation ugi,
 org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager dtSecretManager)

Description copied from class: HdfsAuditLogger

Same as HdfsAuditLogger.logAuditEvent(boolean, String, InetAddress, String, String, String, FileStatus, CallerContext, UserGroupInformation, DelegationTokenSecretManager) without CallerContext information.

Specified by:

logAuditEvent in class HdfsAuditLogger

logAuditEvent

public abstract void logAuditEvent(boolean succeeded,
 String userName,
 InetAddress addr,
 String cmd,
 String src,
 String dst,
 FileStatus status,
 CallerContext callerContext,
 UserGroupInformation ugi,
 org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager dtSecretManager)

Description copied from class: HdfsAuditLogger

Same as HdfsAuditLogger.logAuditEvent(boolean, String, InetAddress, String, String, String, FileStatus) with additional parameters related to logging delegation token tracking IDs.

Specified by:

logAuditEvent in class HdfsAuditLogger

Parameters:

succeeded - Whether authorization succeeded.

userName - Name of the user executing the request.

addr - Remote address of the request.

cmd - The requested command.

src - Path of affected source file.

dst - Path of affected destination file (if any).

status - File information for operations that change the file's metadata (permissions, owner, times, etc).

callerContext - Context information of the caller

ugi - UserGroupInformation of the current user, or null if not logging token tracking information

dtSecretManager - The token secret manager, or null if not logging token tracking information