Audit Logging in Apache Cassandra® 4.0

Audit Logging

Audit logging records information about changes made to a database. Enterprises use audit logs to track who made changes, what data changed and when changes were made. This data is crucial for:

  • Regulatory compliance (HIPAA, SOX, PCI, etc.)
  • Security compliance
  • Debugging

What Gets Logged?

Audit logging has access to the information shown here. The default behavior is to write all of the fields to the log.

  • user: User name (if available)
  • host: Host IP, where the command is being executed
  • source ip address: Source IP address where the request was initiated
  • source port: Source port number where the request was initiated
  • timestamp: Unix timestamp
  • type: Type of the request (SELECT, INSERT, etc.)
  • category: Category of the request (DDL, DML, etc.)
  • keyspace: Keyspace (if applicable) to which the request is targeted
  • scope: Table/Aggregate name/function name/trigger name etc., as applicable
  • operation: CQL command being executed

Enable Audit Logging

Audit logging is disabled by default in Cassandra. There are two ways to configure audit logging: dynamically using nodetool or statically using cassandra.yaml. A configuration using nodetool overrides a configuration defined in cassandra.yaml and does not persist across server restarts.

Configurable Properties

  • enabled: Enables or disables audit logging
  • logger: Class name of the logger or custom logger
  • audit_logs_dir: Audit logs directory location; if not set, the default is cassandra.logdir.audit or cassandra.logdir + /audit/
  • included_keyspaces: Comma-separated list of keyspaces to include in the audit log; by default, all keyspaces are included
  • excluded_keyspaces: Comma-separated list of keyspaces to exclude from the audit log; by default, no keyspace is excluded
  • included_categories: Comma-separated list of audit log categories to include in the audit log; by default, all categories are included
  • excluded_categories: Comma-separated list of audit log categories to exclude from the audit log; by default, no category is excluded
  • included_users: Comma-separated list of users to include in the audit log; by default, all users are included
  • excluded_users: Comma-separated list of users to exclude from the audit log; by default, no user is excluded

Security Best Practices

Use excludes to limit logs to the information actually required.

Use the operating system to control access to log files containing sensitive data.

Redact sensitive data before sharing log files.

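One way to carry out the redaction step above before a log leaves the team (an added example, not code from the original page or the Cassandra project). It assumes records in the pipe-delimited key:value text layout written by Cassandra's FileAuditLogger, with any logging-framework prefix already stripped; the function names, the `?` marker and the sample records are constructed for illustration.

```python
import hashlib
import re

# Keys of the pipe-delimited record (assumed FileAuditLogger layout, see lead-in).
KNOWN_KEYS = {"user", "host", "source", "port", "timestamp",
              "type", "category", "batch", "ks", "scope"}
PSEUDONYMIZED = {"user", "source"}   # identity fields replaced by a keyed digest
WITHHELD = "<withheld: unparsed audit record>"

# CQL constants that can carry data: strings ('' is an escaped quote),
# UUIDs, blobs and numbers. Each one is replaced by a bind marker.
CONSTANT = re.compile(r"""
      '(?:[^']|'')*'
    | \b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b
    | \b0[xX][0-9a-fA-F]+\b
    | (?<![\w.-])-?\d+(?:\.\d+)?(?![\w.])
""", re.VERBOSE)

def pseudonym(value: str, key: bytes) -> str:
    """Stable token per export key, so one actor's events still correlate."""
    return "anon-" + hashlib.blake2b(value.encode(), key=key, digest_size=6).hexdigest()

def redact_record(record: str, key: bytes) -> str:
    """Return a shareable copy of one audit record, failing closed on bad input."""
    # 'operation' is always last and may itself contain '|', so split it off first.
    head, sep, operation = record.rstrip("\n").partition("|operation:")
    fields = []
    for part in head.split("|"):
        name, colon, value = part.partition(":")
        if not colon or name not in KNOWN_KEYS:
            return WITHHELD               # never pass unrecognised text through
        if name in PSEUDONYMIZED:
            value = pseudonym(value, key)
        fields.append(f"{name}:{value}")
    if sep:
        fields.append("operation:" + CONSTANT.sub("?", operation))
    return "|".join(fields)

# Constructed sample records (not taken from a real cluster).
SAMPLE = [
    "user:alice|host:10.0.0.5:7000|source:/192.0.2.10|port:53418|timestamp:1539978679457"
    "|type:UPDATE|category:DML|ks:shop|scope:users"
    "|operation:UPDATE shop.users SET note = 'a|b', pin = 1234 WHERE id = 42;",
    "free-form text that is not an audit record",
]
if __name__ == "__main__":
    for rec in SAMPLE:
        print(redact_record(rec, key=b"per-export-secret"))
```

The host, keyspace and scope fields pass through unchanged; add them to `PSEUDONYMIZED` if node addresses or schema names are themselves sensitive.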

Skill Building

Want to get some hands-on experience? Give our interactive lab a try! You can do it all from your browser; it only takes a few minutes, and you don’t have to install anything.

More Resources

Items related to Audit Logging

Audit Logging in Apache Cassandra 4.0 | The Apache Cassandra Blog

Audit Logging Documentation

Cassandra 4.0 Doubles Down on Performance and Reliability!
