Auditing section of the gpudb.conf file (located in the
/opt/gpudb/core/etc directory). The enable_audit setting must be
enabled for the other settings to work. Any of these settings can be altered at
runtime using /alter/system/properties to assist with
debugging unless lock_audit is set to true. Below is a list of the
settings and what they do:
| Setting Name | Description |
|---|---|
enable_audit | If set to true, the following information is audited with every request: * Job ID * URI * User * Client address (including any HTTP “x-forwarded-for” header if present) |
audit_headers | If set to true, all HTTP headers received with the request will also be audited except for authorization information, which is redacted to prevent exposure of passwords |
audit_body | If set to true, each request body will be audited in JSON format except for records that are inserted via /insert/records or /update/records or any passwords that are used in administrative requests |
audit_data | If set to true, records that are inserted via /insert/records or /update/records requests will be audited in JSON format along with the request body. The audit_body setting must also be set to true for the audit_data setting to work Enabling this setting during bulk ingestion of data will rapidly produce very large audit logs, which may cause disk space exhaustion |
lock_audit | If set to true, audit settings cannot be altered at runtime |
Changing the Location of Audit Logs
The location of audit logs is controlled by the gpudb_logger.conf file (located in the/opt/gpudb/core/etc directory). By default, audit
information is logged inline with the main Kinetica logs (see
Logging for location). See Custom Logging for
more information.
Configuration Examples
No Auditing
enable_audit = falseaudit_headers = falseaudit_body = falseaudit_data = false
Basic Auditing
Settings:enable_audit = trueaudit_headers = falseaudit_body = falseaudit_data = false
Request Body Auditing
Settings:enable_audit = trueaudit_headers = falseaudit_body = trueaudit_data = false
Request Body and Data Auditing
Settings:enable_audit = trueaudit_headers = falseaudit_body = trueaudit_data = true
Request Body, Data, and Header Auditing
Settings:enable_audit = trueaudit_headers = trueaudit_body = trueaudit_data = true