Toggle Menu

Apache Cassandra™ 4.0 Audit Logging

Video: Enable, Configure and View Audit Logs

Audit Logging

Audit logging records information about changes made to a database. Enterprises use audit logs to track who made changes, what data changed and when changes were made. This data is crucial for:

  • Regulatory compliance (HIPAA, SOX, PCI, etc.)
  • Security compliance
  • Debugging
Next: What Gets Logged?
Audit Logging
What Gets Logged?

What Gets Logged?

Audit logging has access to the information shown here. The default behavior is to write all of the fields to the log.

  • user: User name (if available)
  • host: Host IP, where the command is being executed
  • source ip address: Source IP address where the request was initiated
  • source port: Source port number where the request was initiated
  • timestamp: unix timestamp
  • type: Type of the request (SELECT, INSERT, etc.)
  • category: Category of the request (DDL, DML, etc.)
  • keyspace: Keyspace (If applicable) to which the request is targeted
  • scope: Table/Aggregate name/function name/trigger name etc., as applicable
  • operation: CQL command being executed
Next: Enable Audit Logging

Enable Audit Logging

Audit logging is disabled by default in Cassandra. There are two ways to configure audit logging: dynamically using nodetool or statically using cassandra.yaml. A configuration using nodetool overrides a configuration defined in cassandra.yaml and does not persist across server restarts.

Next: Configurable Properties
Enable Audit Logging
Configurable Properties

Configurable Properties

  • enabled: This option enables/disables audit log
  • logger: Class name of the logger/custom logger
  • audit_logs_dir: Audit logs directory location, if not set, the default is cassandra.logdir.audit or cassandra.logdir + /audit/
  • included_keyspaces: Comma separated list of keyspaces to be included in audit log, default - includes all keyspaces
  • excluded_keyspaces: Comma separated list of keyspaces to be excluded from audit log, default - excludes no keyspace
  • included_categories: Comma separated list of Audit Log Categories to be included in audit log, default - includes all categories
  • excluded_categories: Comma separated list of Audit Log Categories to be excluded from audit log, default - excludes no category
  • included_users: Comma separated list of users to be included in audit log, default - includes all users
  • excluded_users: Comma separated list of users to be excluded from audit log, default - excludes no user
Next: Security Best Practices

Security Best Practices

Use excludes to limit logs to the information actually required.

Use the operating system to control access to log files containing sensitive data.

Manually redact sensitive data before sharing log files.

Next: Skill Building
Security Best Practices

Skill Building

Are you ready to try it out?

Apache Cassandra™ 4.x - Audit Logging

Cassandra 4.x audit logging enables enterprises to track activity in their database.

CONTRIBUTORS

Learning objectives

In this scenario you will:

  • Enable audit logging
  • Learn which fields can be logged
  • Fine-tune audit logging
  • Statically and dynamically configure audit logging

Time to Complete

15 minutes

Difficulty

Beginner

Share

Do you have a suggestion or issue you’ve discovered?

Share Feedback

More Resources

Items related to Audit Logging

Audit Logging in Apache Cassandra 4.0 | The Apache Cassandra Blog

Audit Logging in Apache Cassandra 4.0 | The Apache Cassandra Blog

Learn More
Audit Logging Documentation

Audit Logging Documentation

Learn More
Cassandra 4.0 Doubles Down on Performance and Reliability!

Cassandra 4.0 Doubles Down on Performance and Reliability!

Learn More