Skip to content

HDDS-14274. [Website v2] [Docs] [Administrator Guide] Configuring Audit Logs #175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jojochuang merged 2 commits into from
Dec 30, 2025
Merged

HDDS-14274. [Website v2] [Docs] [Administrator Guide] Configuring Audit Logs #175

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1ec1e35
[Website v2] [Docs] [Administrator Guide] Configuring Audit Logs
rich7420 Dec 30, 2025
b05c36c
update
rich7420 Dec 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 44 additions & 6 deletions docs/05-administrator-guide/02-configuration/02-logging/02-audit-logs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,50 @@ sidebar_label: Audit Logs

# Configuring Audit Logs

Document Ozone's use of log4j for audit logging, including:
Audit logs record security-sensitive operations, providing a trail of actions performed on the cluster. The following services produce audit logs:

- Default configuration
- Examples of common configurations
- Where Ozone looks for log4j configuration files.
- Ozone Manager

Link to existing Log4j docs as necessary.
- Storage Container Manager

**TODO:** File a subtask under [HDDS-9859](https://issues.apache.org/jira/browse/HDDS-9859) and complete this page or section.
- Datanode

- S3 Gateway

Audit log configurations are set in `*-audit-log4j2.properties` files. You can change the corresponding files to update the audit log policies for each component.

## Sample Audit Log Entry

Here is an example of an audit log entry from the Ozone Manager:

```text
INFO | OMAudit | ? | user=hdfs | ip=127.0.0.1 | op=CREATE_VOLUME | params={volume=vol1, admin=hdfs, owner=hdfs} | result=SUCCESS
```

This entry shows that the user `hdfs` successfully created a volume named `vol1`.

## Deletion of Audit Logs

The default log appender is a rolling appender. The following configurations can be added for the deletion of out-of-date AuditLogs.

```properties
appender.rolling.strategy.type=DefaultRolloverStrategy

appender.rolling.strategy.max=3000

appender.rolling.strategy.delete.type=Delete

appender.rolling.strategy.delete.basePath=${sys:hadoop.log.dir}

appender.rolling.strategy.delete.maxDepth=1

appender.rolling.strategy.delete.ifFileName.type=IfFileName

appender.rolling.strategy.delete.ifFileName.glob=om-audit-*.log.gz

appender.rolling.strategy.delete.ifLastModified.type=IfLastModified

appender.rolling.strategy.delete.ifLastModified.age=30d
```

For more details, please check [Log4j2 Delete on Rollover](https://logging.apache.org/log4j/2.x/manual/appenders.html#CustomDeleteOnRollover).
Loading