CONF-0002: Enabling Audit Logs

Overview:

Kinetica includes an Audit feature that allows administrators to analyze each request made to the Kinetica server. In the Audit configuration, the administrator can enable different levels of logging as needed:

Setting (Value): Description

  • enable_audit (True | False): Audit master switch. If disabled, no audit information is logged. If enabled by itself, JobID, URI, User and Client address information will be logged.
  • audit_headers (True | False): Controls the auditing of HTTP headers for each request.
  • audit_body (True | False): Controls the auditing of the body of each request in JSON format. No data is shown at this level of auditing.
  • audit_data (True | False): Controls the auditing of the data inserted into the database. If enabled, it can produce a large amount of logs and may cause disk space exhaustion.
  • lock_audit (True | False): Controls whether the Audit settings can be altered at runtime.

Note: The Audit logs will be written by default to the Kinetica log (/opt/gpudb/core/logs/gpudb.log).

 

Action:

Audit logs can be enabled in 2 ways:

  • Via gpudb.conf: This method enables the audit logs until the setting is changed again. Enabling them this way requires a services restart.
  • Via API: An API call to the endpoint alter/system/properties enables the audit logs temporarily, that is, until the setting is changed or the services restart (whichever occurs first). This method doesn't require a reboot.

To enable Audit logs via gpudb.conf:

  1. On Kinetica's server navigate to:
    cd /opt/gpudb/core/etc/
  2. Edit gpudb.conf:
    $ vi gpudb.conf
  3. Find the Auditing section:
    # ----------------------------------------------
    # Auditing
    .
    enable_audit = true
    .
    audit_headers = true
    .
    audit_body = true
    .
    audit_data = true
    .
    lock_audit = false
  4. Make the appropriate changes and save the file
  5. Restart Kinetica services:
    $ /etc/init.d/gpudb restart all
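
A pre-restart check for the edits made in step 4, as an added example that is not Kinetica's own code: it reads the audit keys from gpudb.conf-style text, lists what each request's audit record will contain according to the settings described in the Overview, and flags the settings that need attention. The function names and the sample file contents are constructed for illustration; it assumes a missing key means false and that lock_audit = true is the value that blocks runtime changes.

```python
import re

AUDIT_KEYS = ("enable_audit", "audit_headers", "audit_body", "audit_data", "lock_audit")

# Constructed sample modeled on the Auditing section of gpudb.conf.
SAMPLE_CONF = """\
# Auditing
enable_audit = true
audit_headers = true
audit_body = false
#audit_data = false
audit_data = true
lock_audit = false
"""

def parse_audit_settings(text):
    """Return {setting: bool} for the audit keys, ignoring '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"(\w+)\s*=\s*(\S+)", line)
        if m and m.group(1) in AUDIT_KEYS:
            settings[m.group(1)] = m.group(2).lower() == "true"
    return settings

def logged_items(settings):
    """List what each request's audit record contains for these settings."""
    if not settings.get("enable_audit", False):  # assumption: missing key = false
        return []  # master switch off: nothing is logged
    items = ["JobID", "URI", "User", "Client address"]
    for key, label in (("audit_headers", "HTTP headers"),
                       ("audit_body", "request body (JSON)"),
                       ("audit_data", "inserted data")):
        if settings.get(key):
            items.append(label)
    return items

def review(settings):
    """Return findings an administrator should look at before restarting."""
    findings = []
    if not settings.get("enable_audit", False):
        findings.append("enable_audit is off: no audit information is logged")
    elif settings.get("audit_data"):
        findings.append("audit_data is on: large log volume, monitor disk space")
    # Assumption: lock_audit = true is the value that blocks runtime changes.
    if not settings.get("lock_audit", False):
        findings.append("lock_audit is off: audit settings can be altered at runtime")
    return findings
```

To check a real file, pass its contents to parse_audit_settings(), for example open("/opt/gpudb/core/etc/gpudb.conf").read().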

To enable Audit logs via API:

  1. On Gadmin go to Query > API
  2. From the drop down list select: /alter/system/properties
  3. In the "property_updates_map" field, add the following line, switching the desired parameters to "true":
    {"enable_audit":"false","audit_headers":"false","audit_body":"false","audit_data":"false"}
  4. Click on Send Request
  5. Check the gpudb.log to see the audit log.

 

Additional information:

To change the location of the Audit log to a separate file:

  1. On Kinetica's server navigate to:
    cd /opt/gpudb/core/etc/
  2. Edit gpudb_logger.conf:
    $ vi gpudb_logger.conf
  3. Find the Auditing section:
    # ---------------------------------------------------------------------------
    # Auditing
    # ---------------------------------------------------------------------------
    # This section controls the location of the output of the request auditor,
    #
  4. Comment out the ConsoleAppender settings:
    #log4cplus.appender.AuditAppender=log4cplus::ConsoleAppender
    #log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    #log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  5. Uncomment the FileAppender settings:
    log4cplus.appender.AuditAppender=log4cplus::FileAppender
    log4cplus.appender.AuditAppender.File=gpudb-audit.log
    log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  6. Change the location of the file (../logs/ is the default location of Kinetica logs):
    log4cplus.appender.AuditAppender=log4cplus::FileAppender
    log4cplus.appender.AuditAppender.File=../logs/gpudb-audit.log
    log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  7. Restart Kinetica services:
    $ /etc/init.d/gpudb restart all

 

Should you have any questions or concerns, please visit our Official Documentation and Support Page.
