Kinetica can be configured to print audit information to a log for security or
debugging purposes. The audit configuration settings can be found in the
Auditing
section of the gpudb.conf
file (located in the
/opt/gpudb/core/etc
directory). The enable_audit
setting must be
enabled for the other settings to work. Any of these settings can be altered at
runtime using /alter/system/properties to assist with
debugging unless lock_audit
is set to true
. Below is a list of the
settings and what they do:
Setting Name | Description |
---|---|
enable_audit |
If set to
|
audit_headers |
If set to true , all HTTP headers received with the request will also be audited except for
authorization information, which is redacted to prevent exposure of passwords |
audit_body |
If set to true , each request body will be audited in JSON format except for records that are
inserted via /insert/records or /update/records or
any passwords that are used in administrative requests |
audit_data |
If set to Note: Enabling this setting during bulk ingestion of data will rapidly produce very large audit logs, which may cause disk space exhaustion |
lock_audit |
If set to true , audit settings cannot be altered at runtime |
The location of audit logs is controlled by the gpudb_logger.conf
file
(located in the /opt/gpudb/core/etc
directory). By default, audit
information is logged inline with the main Kinetica logs (see
Logging for location). See Custom Logging for
more information.
enable_audit = false
audit_headers = false
audit_body = false
audit_data = false
Settings:
enable_audit = true
audit_headers = false
audit_body = false
audit_data = false
2018-01-22 10:30:46.182 INFO (30520,31495,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 18 URI: /filter User: admin Client: 172.123.45.67:58452
...
2018-01-22 10:48:32.217 INFO (14801,16039,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 26 URI: /insert/records User: admin Client: 172.123.45.67:57973
Settings:
enable_audit = true
audit_headers = false
audit_body = true
audit_data = false
2018-01-24 08:38:13.821 INFO (21303,22318,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 17 URI: /filter User: admin Client: 172.123.45.67:60279
{"table_name":"rand_num_table","view_name":"tf2","expression":"x = 1","options":{}}
...
2018-01-24 08:40:54.157 INFO (21303,22318,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 113 URI: /insert/records User: admin Client: 172.123.45.67:60266
{"table_name":"mrg_src1","list":[],"list_str":[],"list_encoding":"json","options":{}} (5 records in list_str)
Settings:
enable_audit = true
audit_headers = false
audit_body = true
audit_data = true
2018-01-22 10:25:57.003 INFO (28047,29104,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 29 URI: /filter User: admin Client: 172.123.45.67:58350
{"table_name":"test_table","view_name":"test_view","expression":"x = 7","options":{}}
...
2018-01-22 10:36:03.338 INFO (17302,18378,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 36 URI: /insert/records User: admin Client: 172.123.45.67:58038
{"table_name":"mrg_src1","list":[],"list_str":[],"list_encoding":"json","options":{}}
{"x":4, "y":40}
{"x":5, "y":50}
{"x":6, "y":60}
{"x":7, "y":70}
{"x":8, "y":80}
Settings:
enable_audit = true
audit_headers = true
audit_body = true
audit_data = true
2018-01-22 10:20:25.696 INFO (25633,26607,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 54 URI: /filter User: admin Client: 172.123.45.67:58271
Accept: */*
Authorization: [redacted]
Connection: keep-alive
Content-Type: application/json
Host: 172.123.45.67:9191
Postman-Token: cc79932a-090c-4271-8df2-7e7788264ab1
User-Agent: PostmanRuntime/7.1.1
accept-encoding: gzip, deflate
cache-control: no-cache
content-length: 100
{"table_name":"test_table","view_name":"test_view","expression":"x = 7","options":{}}
...
2018-01-22 10:27:21.651 INFO (19780,20806,r0/gpudb_cluster_i) host.gpudb.local - Job ID: 61 URI: /insert/records User: admin Client: 172.123.45.67:58139
Accept: */*
Authorization: [redacted]
Connection: keep-alive
Content-Type: application/json
Host: 172.123.45.67:9191
Postman-Token: 14480159-3794-4396-a9b7-b27fbfeae3a9
User-Agent: PostmanRuntime/7.1.1
accept-encoding: gzip, deflate
cache-control: no-cache
content-length: 217
{"table_name":"mrg_src1","list":[],"list_str":[],"list_encoding":"json","options":{}}
{"x":4, "y":40}
{"x":5, "y":50}
{"x":6, "y":60}
{"x":7, "y":70}
{"x":8, "y":80}