chronicle_logger.md

Chronicle Logger

The Chronicle logger backend stores audit records in a binary format and is more performant than the SLF4J logger. Audit records are viewed with the eclog tool.

Update the audit.yaml file to enable the Chronicle logger and set the target directory for audit records.

logger_backend:
    - class_name: com.ericsson.bss.cassandra.ecaudit.logger.ChronicleAuditLogger
      parameters:
      - log_dir: /var/lib/cassandra/audit

Options

The Chronicle logger will roll to a new file every hour by default. The roll cycle frequency is configurable. Valid options are MINUTELY, HOURLY, and DAILY.

logger_backend:
    - class_name: com.ericsson.bss.cassandra.ecaudit.logger.ChronicleAuditLogger
      parameters:
      - log_dir: /var/lib/cassandra/audit
        roll_cycle: MINUTELY

The oldest log files will be discarded once a size threshold is reached. By default 16GB of log files will be retained before the oldest is deleted. The value is specified in bytes.

logger_backend:
    - class_name: com.ericsson.bss.cassandra.ecaudit.logger.ChronicleAuditLogger
      parameters:
      - log_dir: /var/lib/cassandra/audit
        log_max_size: 536870912 # 512MB

The eclog tool

The binary Chronicle log files can be viewed with the provided eclog tool.

$ java -jar eclog.jar <log-dir>

The default output looks like this:

1554188832013|127.0.0.32:777|123.45.67.89|bob|SUCCEEDED|SELECT * FROM students
1554188832323|133.1.1.34:5443|123.45.67.90|cassandra|ATTEMPT|bd92aeb1-3373-4d6a-b65a-0d60295f66c9|INSERT INTO ecks.ectbl (partk, clustk, value) VALUES (?, ?, ?)[1, '1', 'valid']

The log output format can be configured, in a similar way as for the SLF4J logger, by providing an eclog.yaml configuration file. The configuration file can be specified with the command line argument -c, or placed in either the working directory or the directory containing the Chronicle log files.

The configuration format/fields are the same as for SLF4J, see Custom Log Message Format. Conditional formatting is also supported.

With a config like this:

log_format: "${TIMESTAMP} -> Client=${CLIENT_IP}, User=${USER}, Status=${STATUS}, Operation=${OPERATION}"
time_format: "yyyy-MM-dd HH:mm:ss.SSS z"
time_zone: "UTC"

The output will look like this:

2019-04-02 07:07:12.013 UTC -> Client=127.0.0.32, User=bob, Status=SUCCEEDED, Operation=SELECT * FROM students
2019-04-02 07:07:12.323 UTC -> Client=133.1.1.34, User=cassandra, Status=ATTEMPT, Operation=INSERT INTO ecks.ectbl (partk, clustk, value) VALUES (?, ?, ?)[1, '1', 'valid']
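
For feeding audit records into other tooling, the default pipe-separated eclog output shown earlier can be parsed as follows. This is an added example, not code from the ecAudit project; it assumes the field order seen in the two sample lines, and the names `second_address` and `optional_id` are hypothetical labels for fields the page does not name.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two default-format lines shown on this page.
SAMPLE = (
    "1554188832013|127.0.0.32:777|123.45.67.89|bob|SUCCEEDED|SELECT * FROM students\n"
    "1554188832323|133.1.1.34:5443|123.45.67.90|cassandra|ATTEMPT|"
    "bd92aeb1-3373-4d6a-b65a-0d60295f66c9|"
    "INSERT INTO ecks.ectbl (partk, clustk, value) VALUES (?, ?, ?)[1, '1', 'valid']\n"
)

# A leading UUID followed by '|' marks the optional identifier field.
UUID_FIELD = re.compile(
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\|(.*)", re.I | re.S)


def parse_line(line):
    """Parse one default-format eclog line; raise ValueError if malformed."""
    # Split only the five fixed fields so a '|' inside the statement survives.
    parts = line.rstrip("\r\n").split("|", 5)
    if len(parts) != 6 or not parts[0].isdigit():
        raise ValueError(f"not a default-format eclog line: {line!r}")
    ts_ms, client, second_address, user, status, rest = parts
    host, sep, port = client.rpartition(":")
    if not sep:  # no port present
        host, port = client, None
    match = UUID_FIELD.fullmatch(rest)
    optional_id, operation = match.groups() if match else (None, rest)
    # Integer arithmetic avoids float rounding of the millisecond part.
    ms = int(ts_ms)
    when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return {
        "timestamp": f"{when:%Y-%m-%d %H:%M:%S}.{ms % 1000:03d} UTC",
        "client_ip": host,
        "client_port": int(port) if port else None,
        "second_address": second_address,  # hypothetical name; page does not label it
        "user": user,
        "status": status,
        "optional_id": optional_id,  # hypothetical name for the UUID field
        "operation": operation,
    }


def parse_log(text):
    """Parse eclog output, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for record in parse_log(SAMPLE):
        print(record)
```

The timestamps it produces match the custom-format output above, which confirms that the first field is epoch milliseconds.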