From 1ec1e35a9193940d458d23370c54af0515fc641b Mon Sep 17 00:00:00 2001 From: rich7420 Date: Tue, 30 Dec 2025 12:36:40 +0800 Subject: [PATCH 1/2] [Website v2] [Docs] [Administrator Guide] Configuring Audit Logs --- .../02-logging/02-audit-logs.md | 50 ++++++++++++++++--- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md index 8f08839ab0..0b5b905914 100644 --- a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md +++ b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md 
@@ -4,12 +4,50 @@ sidebar_label: Audit Logs # Configuring Audit Logs -Document Ozone's use of log4j for audit logging, including: +Audit logs record security-sensitive operations, providing a trail of actions performed on the cluster. The following services produce audit logs: -- Default configuration -- Examples of common configurations -- Where Ozone looks for log4j configuration files. +* Ozone Manager -Link to existing Log4j docs as necessary. +* Storage Container Manager -**TODO:** File a subtask under [HDDS-9859](https://issues.apache.org/jira/browse/HDDS-9859) and complete this page or section. +* Datanode + +* S3 Gateway + +Audit log configurations are set in `*-audit-log4j2.properties` files. You can change the corresponding files to update the audit log policies for each component. + +## Sample Audit Log Entry + +Here is an example of an audit log entry from the Ozone Manager: + +``` +INFO | OMAudit | ? | user=hdfs | ip=127.0.0.1 | op=CREATE_VOLUME | params={volume=vol1, admin=hdfs, owner=hdfs} | result=SUCCESS +``` + +This entry shows that the user `hdfs` successfully created a volume named `vol1`. + +## Deletion of Audit Logs + +The default log appender is a rolling appender. The following configurations can be added for the deletion of out-of-date AuditLogs. + +``` +appender.rolling.strategy.type=DefaultRolloverStrategy + +appender.rolling.strategy.max=3000 + +appender.rolling.strategy.delete.type=Delete + +appender.rolling.strategy.delete.basePath=${sys:hadoop.log.dir} + +appender.rolling.strategy.delete.maxDepth=1 + +appender.rolling.strategy.delete.ifFileName.type=IfFileName + +appender.rolling.strategy.delete.ifFileName.glob=om-audit-*.log.gz + +appender.rolling.strategy.delete.ifLastModified.type=IfLastModified + +appender.rolling.strategy.delete.ifLastModified.age=30d +``` + +For more details, please check [Log4j2 Delete on Rollover](https://logging.apache.org/log4j/2.x/manual/appenders.html#CustomDeleteOnRollover). 
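Review bot: The rollover/delete snippet in "Deletion of Audit Logs" is written for one component only and silently assumes the appender name: the glob `appender.rolling.strategy.delete.ifFileName.glob=om-audit-*.log.gz` only matches Ozone Manager files, yet the page lists four audit-producing services, and every key is rooted at `appender.rolling`, which only takes effect if the rolling appender in that component's `*-audit-log4j2.properties` is actually named `rolling`. Say that the glob and the appender prefix must match the component's own file (e.g. the SCM/Datanode/S3 Gateway file names), and add a one-line caveat that `Delete` with `ifLastModified.age=30d` permanently removes audit history, so the age should be set from the operator's retention policy rather than copied as-is. Two smaller gaps in the same hunk: the sample entry `INFO | OMAudit | ? | user=hdfs | ...` has an unexplained `?` field and no timestamp, so either describe each `|`-separated field (level, logger, user, ip, op, params, result) or paste an entry as the default layout actually emits it; and the removed TODO asked for "Where Ozone looks for log4j configuration files", but the new text only says "`*-audit-log4j2.properties` files" without naming the directory Ozone loads them from or the per-component file names, which is the first thing an administrator editing the policy needs.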
From b05c36c0f21531de99d7576f17123b3e4e2789a6 Mon Sep 17 00:00:00 2001 From: rich7420 Date: Tue, 30 Dec 2025 12:41:11 +0800 Subject: [PATCH 2/2] update --- .../02-configuration/02-logging/02-audit-logs.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md index 0b5b905914..617e2a26ff 100644 --- a/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md +++ b/docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md @@ -6,13 +6,13 @@ sidebar_label: Audit Logs Audit logs record security-sensitive operations, providing a trail of actions performed on the cluster. The following services produce audit logs: -* Ozone Manager +- Ozone Manager -* Storage Container Manager +- Storage Container Manager -* Datanode +- Datanode -* S3 Gateway +- S3 Gateway Audit log configurations are set in `*-audit-log4j2.properties` files. You can change the corresponding files to update the audit log policies for each component. @@ -20,7 +20,7 @@ Audit log configurations are set in `*-audit-log4j2.properties` files. You can c Here is an example of an audit log entry from the Ozone Manager: -``` +```text INFO | OMAudit | ? | user=hdfs | ip=127.0.0.1 | op=CREATE_VOLUME | params={volume=vol1, admin=hdfs, owner=hdfs} | result=SUCCESS ``` @@ -30,7 +30,7 @@ This entry shows that the user `hdfs` successfully created a volume named `vol1` The default log appender is a rolling appender. The following configurations can be added for the deletion of out-of-date AuditLogs. -``` +```properties appender.rolling.strategy.type=DefaultRolloverStrategy appender.rolling.strategy.max=3000
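Review bot: The first hunk swaps `*` for `-` on the service list but keeps the blank line after each item (`-- Ozone Manager` / `+- Ozone Manager` with the empty `+` line between them still in place), so the list renders as a loose list with paragraph spacing; drop the blank lines between the four items to match a plain bullet list. The `text` and `properties` fence tags in the other two hunks are the right fix. Since this commit only touches formatting of lines introduced by the previous commit and its message is just "update", squash it into PATCH 1/2 before merging so the history carries one descriptive message.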