Permalink
Browse files

HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audi…

…t logging.

git-svn-id: https://svn.eu.apache.org/repos/asf/hadoop/core/trunk@656852 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information...
1 parent ec35c3c commit c65ff0b37e331aa3cb545d8c44df68547adf39eb @cdouglas cdouglas committed May 15, 2008
Showing with 78 additions and 2 deletions.
  1. +3 −0 CHANGES.txt
  2. +6 −0 conf/log4j.properties
  3. +69 −2 src/java/org/apache/hadoop/dfs/FSNamesystem.java
View
@@ -91,6 +91,9 @@ Trunk (unreleased changes)
configuration property "mapred.line.input.format.linespermap", which
defaults to 1. (Amareshwari Sriramadasu via ddas)
+ HADOOP-3336. Direct a subset of annotated FSNamesystem calls for audit
+ logging. (cdouglas)
+
IMPROVEMENTS
HADOOP-2928. Remove deprecated FileSystem.getContentLength().
View
@@ -72,6 +72,12 @@ log4j.appender.TLA.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} - %m%n
#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
+#
+# FSNamesystem Audit logging
+# All audit events are logged at INFO level
+#
+log4j.logger.org.apache.hadoop.fs.FSNamesystem.audit=WARN
+
# Custom Logging levels
#log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG
@@ -34,6 +34,7 @@
import org.apache.hadoop.net.ScriptBasedMapping;
import org.apache.hadoop.dfs.LeaseManager.Lease;
import org.apache.hadoop.fs.ContentSummary;
+import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.*;
import org.apache.hadoop.ipc.Server;
@@ -68,6 +69,15 @@
***************************************************/
class FSNamesystem implements FSConstants, FSNamesystemMBean {
public static final Log LOG = LogFactory.getLog("org.apache.hadoop.fs.FSNamesystem");
+ public static final String AUDIT_FORMAT =
+ "ugi=%s\t" + // ugi
+ "ip=%s\t" + // remote IP
+ "cmd=%s\t" + // command
+ "path=%s\t" + // path
+ "perm=%s"; // permissions (optional)
+
+ public static final Log auditLog = LogFactory.getLog(
+ "org.apache.hadoop.fs.FSNamesystem.audit");
private boolean isPermissionEnabled;
private UserGroupInformation fsOwner;
@@ -625,6 +635,14 @@ public synchronized void setPermission(String src, FsPermission permission
checkOwner(src);
dir.setPermission(src, permission);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setPermission", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
/**
@@ -645,6 +663,14 @@ public synchronized void setOwner(String src, String username, String group
}
dir.setOwner(src, username, group);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setOwner", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
/**
@@ -682,8 +708,15 @@ LocatedBlocks getBlockLocations(String src, long offset, long length
if (length < 0) {
throw new IOException("Negative length is not supported. File: " + src );
}
- return getBlockLocationsInternal(dir.getFileINode(src), offset, length,
- Integer.MAX_VALUE);
+ final LocatedBlocks ret = getBlockLocationsInternal(dir.getFileINode(src),
+ offset, length, Integer.MAX_VALUE);
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "open", src, null));
+ }
+ return ret;
}
private synchronized LocatedBlocks getBlockLocationsInternal(INodeFile inode,
@@ -769,6 +802,12 @@ public boolean setReplication(String src, short replication)
throws IOException {
boolean status = setReplicationInternal(src, replication);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "setReplication", src, null));
+ }
return status;
}
@@ -850,6 +889,14 @@ void startFile(String src, PermissionStatus permissions,
startFileInternal(src, permissions, holder, clientMachine, overwrite,
replication, blockSize);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "create", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
}
private synchronized void startFileInternal(String src,
@@ -1381,6 +1428,12 @@ public boolean delete(String src, boolean recursive) throws IOException {
}
boolean status = deleteInternal(src, true, true);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "delete", src, null));
+ }
return status;
}
@@ -1464,6 +1517,14 @@ public boolean mkdirs(String src, PermissionStatus permissions
) throws IOException {
boolean status = mkdirsInternal(src, permissions);
getEditLog().logSync();
+ if (auditLog.isInfoEnabled()) {
+ final FileStatus stat = dir.getFileInfo(src);
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "mkdirs", src, stat.getOwner() + ':' +
+ stat.getGroup() + ':' + stat.getPermission()));
+ }
return status;
}
@@ -1608,6 +1669,12 @@ void renewLease(String holder) throws IOException {
checkTraverse(src);
}
}
+ if (auditLog.isInfoEnabled()) {
+ auditLog.info(String.format(AUDIT_FORMAT,
+ UserGroupInformation.getCurrentUGI(),
+ Server.getRemoteIp(),
+ "listStatus", src, null));
+ }
return dir.getListing(src);
}

0 comments on commit c65ff0b

Please sign in to comment.