
The Sentry audit log records changes to authorization metadata. The following operations are logged:

create role, drop role, add role to group, delete role from group, grant privilege to role, revoke privilege from role.

Format

The audit log is written through log4j in JSON format. The following are examples for the Hive model and the generic model:

Audit log for Hive model:

  {
    "serviceName" : "hiverServer1",
    "userName" : "hive",
    "impersonator" : "impersonator",
    "ipAddress" : "127.0.0.1",
    "operation" : "GRANT_ROLE",
    "eventTime" : 1405027518637,
    "operationText" : "GRANT ROLE admin_role TO GROUP admin_group",
    "allowed" : "true",
    "objectType" : "ROLE",
    "databaseName" : "",
    "tableName" : "",
    "columnName" : "",
    "resourcePath" : ""
  }

Audit log for generic model:

  {
    "serviceName" : "sentryService",
    "userName" : "user1",
    "impersonator" : "impersonator",
    "ipAddress" : "127.0.0.1",
    "operation" : "GRANT_PRIVILEGE",
    "eventTime" : 1405027518637,
    "operationText" : "GRANT ALL ON collection col TO ROLE role1",
    "allowed" : "true",
    "objectType" : "PRICIPLE",
    "component" : "SOLR",
    "collection" : "col "
  }
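A reader for these records, as an added example that is not part of Sentry or of the original page: it walks a log holding both record models, tolerates records that span several lines or are truncated, and reports operations that were denied or that carry an impersonator different from userName. The function names, the finding labels and the sample records are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Scope fields seen in the page's Hive-model and generic-model samples.
SCOPE = ("databaseName", "tableName", "columnName", "resourcePath", "component", "collection")

def iter_records(text):
    """Yield each JSON object in the text, or None for a '{' fragment that does not parse."""
    decoder, pos = json.JSONDecoder(), 0
    while (start := text.find("{", pos)) != -1:
        try:
            record, pos = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            record, pos = None, start + 1  # resynchronise on the next '{'
        yield record

def normalize(rec):
    """Map either record model onto one shape; raises on a missing or bad eventTime."""
    ms = int(rec["eventTime"])  # epoch milliseconds
    when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
    return {
        "time": when, "user": rec.get("userName", ""), "operation": rec.get("operation", ""),
        "impersonator": rec.get("impersonator", ""), "text": rec.get("operationText", ""),
        "allowed": str(rec.get("allowed", "")).strip().lower() == "true",  # logged as a string
        "scope": {k: str(rec[k]).strip() for k in SCOPE if str(rec.get(k, "")).strip()},
    }

def review(text):
    """Return (events, findings, malformed_count) for a chunk of audit log text."""
    events, findings, malformed = [], [], 0
    for rec in iter_records(text):
        try:
            ev = normalize(rec)
        except (TypeError, KeyError, ValueError, OverflowError, OSError):
            malformed += 1  # count unparseable records instead of dropping them silently
            continue
        events.append(ev)
        if not ev["allowed"]:
            findings.append(("DENIED", ev["user"], ev["text"]))
        if ev["impersonator"] and ev["impersonator"] != ev["user"]:
            findings.append(("IMPERSONATED", ev["user"], ev["text"]))
    return events, findings, malformed

# Constructed sample: a Hive-model record, a truncated record, and a generic-model record on two lines.
SAMPLE = (
    '{"serviceName":"hiveServer1","userName":"hive","impersonator":"","operation":"GRANT_ROLE","eventTime":1405027518637,"operationText":"GRANT ROLE admin_role TO GROUP admin_group","allowed":"true","databaseName":"","tableName":""}\n'
    '{"serviceName":"sentryService","userName":"user2","operation":"GRANT_PRIV\n'
    '{"userName":"user1","impersonator":"hue","operation":"GRANT_PRIVILEGE","eventTime":1405027518637,\n "operationText":"GRANT ALL ON collection col TO ROLE role1","allowed":"false","component":"SOLR","collection":"col "}\n'
)
```

`review(SAMPLE)` returns two parsed events, two findings for user1's denied GRANT_PRIVILEGE, and a malformed count of 1 for the truncated record.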

Configuration

The audit log is configured in log4j.properties:

Audit log for Hive Model:

  log4j.logger.sentry.hive.authorization.ddl.logger=INFO, sentryHiveAudit
  # set the appender class
  log4j.appender.sentryHiveAudit=org.apache.sentry.provider.db.log.appender.RollingFileWithoutDeleteAppender
  # set the log file location
  log4j.appender.sentryHiveAudit.File=/var/log/sentry/sentryHiveAudit.log
  # set the max size for the log file
  log4j.appender.sentryHiveAudit.MaxFileSize=5MB
  # set the layout class
  log4j.appender.sentryHiveAudit.layout=org.apache.log4j.PatternLayout
  # set the message format
  log4j.appender.sentryHiveAudit.layout.ConversionPattern=%m%n

Audit log for generic model:

  log4j.logger.sentry.generic.authorization.ddl.logger=INFO, sentryGenericAudit
  # set the log file location
  log4j.appender.sentryGenericAudit.File=/var/log/sentry/sentryGenericAudit.log
  # set the max size for the log file
  log4j.appender.sentryGenericAudit.MaxFileSize=5MB
  # set the layout class
  log4j.appender.sentryGenericAudit.layout=org.apache.log4j.PatternLayout
  # set the message format
  log4j.appender.sentryGenericAudit.layout.ConversionPattern=%m%n

 
