Only login "Authentication attempt " operation is logged in Cassandra 3.11.6 Audit Log #166

Open
rups789 opened this issue Jun 24, 2020 · 6 comments

rups789 commented Jun 24, 2020

Hello,

I started to test the audit plugin for Cassandra 3.11.6 and the respective jar for the same, ecaudit_c3.11-2.6.0.jar, on a Windows 10 64-bit machine.

I have followed the steps as per https://github.com/Ericsson/ecaudit/blob/release/c3.0/doc/install.md

cqlsh prompt starts with - cqlsh ip -u cassandra -p pswd

Only login "Authentication attempt" operations are logged when tested from the cqlsh prompt.
Select, insert, delete and other operations are not logged in the audit log file.

Followed the instructions given by Mr. eperott when the same issue was raised by Mr. ashokkoti on Oct 2, 2018.

Still I am not getting the expected result.

What's the problem? Are there any extra steps that need to be followed?

Audit.log file contents:
10:05:42.254-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt
10:06:39.912-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt
10:06:40.245-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt
10:08:44.261-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt
10:08:44.604-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt
10:12:50.634-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt

Audit.yaml, cassandra.yaml and logback.xml -- updated files are attached herewith.

Thank You.

audit-yaml
cassandra-yaml
logback-xml

eperott (Collaborator) commented Jun 24, 2020

Thanks for the report!

Can you show the content of your cassandra-env.sh as well - or the corresponding file for Windows deployments?

rups789 (Author) commented Jun 25, 2020

cassandra-env-sh

eperott (Collaborator) commented Jun 30, 2020

I believe that you don't get any log records from queries because the custom_query_handler isn't picked up by Cassandra.

I have not tried Cassandra or ecAudit on Windows. But since you are deploying on Windows I believe you need to make these settings in the cassandra-env.ps1 file instead. I guess it should look something like this by the end:

...
    $env:JVM_EXTRA_OPTS="$env:JVM_EXTRA_OPTS -Dcassandra.custom_query_handler_class=com.ericsson.bss.cassandra.ecaudit.handler.AuditQueryHandler"
    $env:JVM_OPTS="$env:JVM_OPTS $env:JVM_EXTRA_OPTS"
}

Let me know if that works?
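
Added example, not part of the thread or of ecAudit: a Python check over an audit.log in the format quoted in this issue that flags the symptom diagnosed above, login records present but no statement records. The function names and the statement record in WORKING are constructed for illustration.

```python
import re

# Layout copied from the audit.log excerpt in this issue. operation= runs to end
# of line because a CQL statement can contain commas of its own.
RECORD = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})->\s*client=(?P<client>[^,]*?)\s*,"
    r"\s*user=(?P<user>[^,]*?)\s*,\s*status=(?P<status>\w+)\s*,"
    r"\s*operation=(?P<operation>.*)$"
)
AUTH_OPERATION = "Authentication attempt"


def parse_record(line):
    """Return one audit record as a dict of fields, or None if the line does not match."""
    match = RECORD.match(line.strip())
    return match.groupdict() if match else None


def coverage(lines):
    """Count authentication records, statement records and unparsed lines."""
    counts = {"authentication": 0, "statement": 0, "unparsed": 0}
    for line in filter(str.strip, lines):  # skip blank lines
        record = parse_record(line)
        if record is None:
            counts["unparsed"] += 1
        elif record["operation"].strip() == AUTH_OPERATION:
            counts["authentication"] += 1
        else:
            counts["statement"] += 1
    return counts


def only_logins_audited(lines):
    """True when logins are recorded but no statement is: the symptom reported here."""
    counts = coverage(lines)
    return counts["authentication"] > 0 and counts["statement"] == 0


# BROKEN: two records copied from the issue. WORKING adds one constructed record
# (assumption: with the query handler active, operation= carries the CQL text).
BROKEN = [
    "10:05:42.254-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt",
    "10:06:39.912-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=Authentication attempt",
]
WORKING = BROKEN + ["10:07:01.100-> client=XXXX, user=cassandra, status=ATTEMPT ,operation=SELECT id, name FROM ks.t"]

if __name__ == "__main__":
    print(only_logins_audited(BROKEN), only_logins_audited(WORKING))
```

A log with logins and no statements can also mean that no queries were run, so the result is only meaningful after issuing a known test statement.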

rups789 (Author) commented Jul 1, 2020

Hi!
Thanks for the reply. I tried the changes in the cassandra-env.ps1, but still queries are not getting logged in the audit log. I am working with a standalone machine.
cassandra-env-ps1

eperott (Collaborator) commented Sep 16, 2020

Hey! Sorry for not responding earlier on this.

Were you able to solve this?

rups789 (Author) commented Sep 18, 2020

Hi! Not able to solve it on Windows. Able to generate the log file from Ubuntu.
But it will be helpful if I could get it through a Windows machine.

RhoderickGalero moved this to Todo issue in C2T Sep 19, 2023