Follow

K-CORE-03: Enabling Audit logs in Kinetica

OVERVIEW

Kinetica 6.1 includes an Audit feature that allows administrators to analyze each request made to the Kinetica server.

In the Audit configuration the administrator can enable different levels of logging depending on the needs:

Setting Value Description
enable_audit True | False

Audit Master Switch, if disabled no audit information is logged.

If enabled by itself, JobID, URI, User and Client address information will be logged.

audit_headers True | False

Controls the auditing of HTTP headers for each request

audit_body True | False

Controls the auditing of the body of each request in JSON format.

No data is shown @ this level of auditing

audit_data True | False

Controls the auditing of the data inserted into the database.

If enabled it can produce a large amount of logs and may cause disk space exhaustion

lock_audit True | False

Controls whether the Audit settings can be altered at runtime

 

The Audit logs will be written by default to the Kinetica log (/opt/gpudb/core/logs/gpudb.log).

Affects versions: 6.1, 6.2

ACTION

To enable Audit logs:

  1. On Kinetica's server navigate to:
    cd /opt/gpudb/core/etc/
  2. Edit gpudb.conf:
    $vi gpudb.conf
  3. Find the Auditing section:
    # ----------------------------------------------
    # Auditing
    .
    enable_audit = true
    .
    audit_headers = true
    .
    audit_body = true
    .
    audit_data = true
    .
    lock_audit = false
  4. Make the appropriate changes and save the file
  5. Restart Kinetica services:
    $/etc/init.d/gpudb restart all

 

To change the location of the Audit log to a separate file:

  1. On Kinetica's server navigate to:
    cd /opt/gpudb/core/etc/
  2. Edit gpudb_logger.conf:
    $vi gpudb_logger.conf
  3. Find the Auditing section:
    # ---------------------------------------------------------------------------
    # Auditing
    # ---------------------------------------------------------------------------
    # This section controls the location of the output of the request auditor,
    #
  4. Comment out the ConsoleAppender settings:
    #log4cplus.appender.AuditAppender=log4cplus::ConsoleAppender
    #log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    #log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  5. Uncomment the FileAppender settings:
    log4cplus.appender.AuditAppender=log4cplus::FileAppender
    log4cplus.appender.AuditAppender.File=gpudb-audit.log
    log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  6. Change the location of the file (../logs/ is th default location of Kinetica logs):
    log4cplus.appender.AuditAppender=log4cplus::FileAppender
    log4cplus.appender.AuditAppender.File=../logs/gpudb-audit.log
    log4cplus.appender.AuditAppender.layout=log4cplus::PatternLayout
    log4cplus.appender.AuditAppender.layout.ConversionPattern=%D{%Y-%m-%d %H:%M:%S.%q} %-5p (%i,%T,%-18t) %h - %m
  7. Restart Kinetica services:
    $/etc/init.d/gpudb restart all

 

Should you have any questions or concerns, please visit our support page, official documentation page or email us at support@kinetica.com

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.