Audit Logging in Apache Cassandra® 4.0
Audit Logging
Audit logging records information about changes made to a database. Enterprises use audit logs to track who made changes, what data changed and when changes were made. This data is crucial for:
- Regulatory compliance (HIPAA, SOX, PCI, etc.)
- Security compliance
- Debugging
What Gets Logged?
Each audit log entry can include the fields listed below. By default, all of these fields are written to the log.
- user: User name (if available)
- host: IP address of the host where the command is being executed
- source ip address: Source IP address where the request was initiated
- source port: Source port number where the request was initiated
- timestamp: Unix timestamp
- type: Type of the request (SELECT, INSERT, etc.)
- category: Category of the request (DDL, DML, etc.)
- keyspace: Keyspace (if applicable) to which the request is targeted
- scope: Table/Aggregate name/function name/trigger name etc., as applicable
- operation: CQL command being executed
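As an added example (not code from the original page or from the Cassandra project), the Python sketch below parses text audit entries carrying the fields listed above and flags DDL statements issued by users outside an approved set. It assumes one entry per line, written as `key:value` pairs joined by `|` with the short keys `source`, `port` and `ks`; the sample lines, user names and the `unexpected_ddl` helper are constructed for illustration.

```python
def parse_entry(line):
    """Parse one audit line into a dict; optional fields may be absent."""
    # Cut at the first "|operation:" so that '|' or "key:" text inside the
    # CQL statement can never be read as a separate field.
    head, sep, operation = line.rstrip("\n").partition("|operation:")
    entry = {}
    for part in head.split("|"):
        key, colon, value = part.partition(":")  # host keeps its "ip:port"
        if not colon:
            raise ValueError(f"malformed field: {part!r}")
        entry[key] = value
    if sep:
        entry["operation"] = operation
    if "source" in entry:
        entry["source"] = entry["source"].lstrip("/")
    for key in ("port", "timestamp"):
        if key in entry:
            entry[key] = int(entry[key])
    return entry


def unexpected_ddl(lines, approved_users):
    """Return DDL entries issued by users outside approved_users."""
    hits = []
    for line in lines:
        if line.strip():
            entry = parse_entry(line)
            if entry.get("category") == "DDL" and entry.get("user") not in approved_users:
                hits.append(entry)
    return hits


# Constructed sample entries (layout and values are assumptions, not real logs).
PREFIX = "host:10.0.0.5:7000|source:/10.0.1.20|port:53418|timestamp:1539978679457|"
SAMPLE = [
    "user:app_rw|" + PREFIX + "type:SELECT|category:QUERY|ks:shop|scope:orders|operation:SELECT * FROM shop.orders;",
    "user:app_rw|" + PREFIX + "type:DROP_TABLE|category:DDL|ks:shop|scope:orders|operation:DROP TABLE shop.orders;",
    "user:dba|" + PREFIX + "type:CREATE_TABLE|category:DDL|ks:shop|scope:notes|operation:CREATE TABLE shop.notes (id int PRIMARY KEY, body text) WITH comment = 'a|b';",
    # Statement text that imitates a field must not change the parsed category.
    "user:app_rw|" + PREFIX + "type:INSERT|category:DML|ks:shop|scope:notes|operation:INSERT INTO shop.notes (id, body) VALUES (1, 'x|category:DDL');",
]

if __name__ == "__main__":
    for hit in unexpected_ddl(SAMPLE, approved_users={"dba"}):
        print(hit["timestamp"], hit["user"], hit["source"], hit["operation"])
```

The fourth sample line shows why the statement text is split off first: its quoted `|category:DDL` stays inside `operation` and the entry is still classified as DML.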
Enable Audit Logging
Audit logging is disabled by default in Cassandra. There are two ways to configure audit logging: dynamically using nodetool or statically using cassandra.yaml. A configuration using nodetool overrides a configuration defined in cassandra.yaml and does not persist across server restarts.
Configurable Properties
- enabled: Enables or disables audit logging
- logger: Class name of the logger or custom logger
- audit_logs_dir: Location of the audit logs directory. If not set, the default is cassandra.logdir.audit or cassandra.logdir + /audit/
- included_keyspaces: Comma-separated list of keyspaces to include in the audit log. Default: includes all keyspaces
- excluded_keyspaces: Comma-separated list of keyspaces to exclude from the audit log. Default: excludes no keyspace
- included_categories: Comma-separated list of audit log categories to include in the audit log. Default: includes all categories
- excluded_categories: Comma-separated list of audit log categories to exclude from the audit log. Default: excludes no category
- included_users: Comma-separated list of users to include in the audit log. Default: includes all users
- excluded_users: Comma-separated list of users to exclude from the audit log. Default: excludes no user