diff --git a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md index 8f08839ab0..617e2a26ff 100644 --- a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md +++ b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md 
@@ -4,12 +4,50 @@ sidebar_label: Audit Logs # Configuring Audit Logs -Document Ozone's use of log4j for audit logging, including: +Audit logs record security-sensitive operations, providing a trail of actions performed on the cluster. The following services produce audit logs: -- Default configuration -- Examples of common configurations -- Where Ozone looks for log4j configuration files. +- Ozone Manager -Link to existing Log4j docs as necessary. +- Storage Container Manager -**TODO:** File a subtask under [HDDS-9859](https://issues.apache.org/jira/browse/HDDS-9859) and complete this page or section. +- Datanode + +- S3 Gateway + +Audit log configurations are set in `*-audit-log4j2.properties` files. You can change the corresponding files to update the audit log policies for each component. + +## Sample Audit Log Entry + +Here is an example of an audit log entry from the Ozone Manager: + +```text +INFO | OMAudit | ? | user=hdfs | ip=127.0.0.1 | op=CREATE_VOLUME | params={volume=vol1, admin=hdfs, owner=hdfs} | result=SUCCESS +``` + +This entry shows that the user `hdfs` successfully created a volume named `vol1`. + +## Deletion of Audit Logs + +The default log appender is a rolling appender. The following configurations can be added for the deletion of out-of-date AuditLogs. + +```properties +appender.rolling.strategy.type=DefaultRolloverStrategy + +appender.rolling.strategy.max=3000 + +appender.rolling.strategy.delete.type=Delete + +appender.rolling.strategy.delete.basePath=${sys:hadoop.log.dir} + +appender.rolling.strategy.delete.maxDepth=1 + +appender.rolling.strategy.delete.ifFileName.type=IfFileName + +appender.rolling.strategy.delete.ifFileName.glob=om-audit-*.log.gz + +appender.rolling.strategy.delete.ifLastModified.type=IfLastModified + +appender.rolling.strategy.delete.ifLastModified.age=30d +``` + +For more details, please check [Log4j2 Delete on Rollover](https://logging.apache.org/log4j/2.x/manual/appenders.html#CustomDeleteOnRollover).
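Review bot: The snippet under "Deletion of Audit Logs" assumes the existing appender is named `rolling` (every key is `appender.rolling.strategy.*`) and hard-codes the OM file pattern `om-audit-*.log.gz`; if the name does not match the `appender.<name>` already defined in the component's `*-audit-log4j2.properties`, the strategy is never attached and nothing is deleted, and for SCM, Datanode and S3 Gateway the `ifFileName.glob` has to be changed to that component's own audit file name. State both next to the snippet, and add that the two `delete.if*` conditions are ANDed, so a file is removed only when it both matches the glob and is older than `age=30d`; as written a reader may take `age=30d` for a standalone retention rule. It is also worth saying why `maxDepth=1` and a narrow glob matter: the Delete action scans `${sys:hadoop.log.dir}` and removes whatever the conditions accept, so widening the glob to `*.log.gz` would delete other logs, and because this permanently discards audit records the age should match the site's retention requirement, with longer-lived copies shipped off-host before rollover. The sample entry documents none of its fields: add a short per-field description (level, logger name `OMAudit`, the `?` placeholder, `user`, `ip`, `op`, `params`, `result`) and say what `?` stands for, since a reader cannot tell whether it is a missing value or part of the format. Minor: the blank line after every list item and after every property line in the fenced block is unnecessary; a plain list and a contiguous properties block render the same and are easier to copy.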