Auditing Cluster Operations
Explains the operations that are audited for a cluster.
The following types of operations are audited when you run the maprcli audit cluster command on a cluster:
- All maprcli commands, REST calls, and actions in the Control System that have effects at the cluster level, including those that enable auditing, are audited.
- All authentications to the Control System and authentications to data-fabric clusters via maprlogin are audited.
- All volume level tiering operations are audited.
Audit records for these operations are recorded in the following audit logs:
Audit logs for maprcli commands, REST API calls, and actions in the Control System
Executions of maprcli commands, REST API calls, and actions in the Control System are logged in the local filesystem on the nodes where they are executed. Log files are located at /opt/mapr/mapr-cli-audit-log/audit.log.json.
To see what information is recorded in typical log entries, see Example Log Entries for
Audited maprcli Command Executions, REST API Calls, and Actions in the Control
System.
The following maprcli commands, as well as their equivalent REST API calls and actions in the Control System, are also logged in audit logs on the servers where they are processed.
| Command Family | Commands |
| --- | --- |
| acl | acl edit, acl set, acl show |
| audit | audit cluster, audit data, audit info |
| blacklist | blacklist listusers, blacklist user |
| cluster | cluster mapreduce get, cluster mapreduce set |
| config | config load, config save |
| entity | entity info, entity list, entity modify |
| license | license add, license addcrl, license apps, license list, license listcrl, license remove, license showid |
| nagios | nagios generate |
| rlimit | rlimit get, rlimit set |
| schedule | schedule create, schedule list, schedule modify, schedule remove |
| virtualip | virtualip add, virtualip edit, virtualip list, virtualip move, virtualip remove |
| volume | volume compact, volume container move, volume container switchmaster, volume create, volume fixmountpath, volume info, volume list, volume mirror push, volume mirror start, volume mirror stop, volume modify, volume mount, volume move, volume offload, volume recall, volume remove, volume rename, volume showmounts, volume snapshot list, volume snapshot preserve, volume snapshot remove, volume tierstats, volume tierjobabort, volume tierjobstatus, volume unmount. NOTE: These commands are not audited: volume dump create, volume dump restore, volume link create, volume link remove, volume snapshot create |
Audit logs for authentications to the Control System
Every attempt at authentication to the Control System, whether successful or unsuccessful, is logged to the local filesystem in /opt/mapr/logs/authaudit.log.json on the webserver node where an attempt was made.
Audit logs for volume level tiering operations
All volume level tiering operations, whether successful or unsuccessful, are logged in the /opt/mapr/logs/cldbaudit.log.json file.
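
The following health check for the three audit log files named above is an added example, not part of the original documentation or of the product's tooling. It reports, per file, whether the log is present on the node, whether group or other users can write to it, and which lines fail to parse. The function names, the `root` parameter, and the one-JSON-record-per-line layout are assumptions, and the sample content is constructed placeholder data.

```python
import json
import os
import stat
import tempfile

# Paths as given on this page, relative to a filesystem root.
AUDIT_LOGS = {
    "opt/mapr/mapr-cli-audit-log/audit.log.json": "maprcli, REST and Control System actions",
    "opt/mapr/logs/authaudit.log.json": "Control System authentications",
    "opt/mapr/logs/cldbaudit.log.json": "volume level tiering operations",
}
# Constructed placeholder content (not real MapR entries): (text, file mode).
SAMPLE = {
    "opt/mapr/mapr-cli-audit-log/audit.log.json": ('{"sample": 1}\n{"sample": 2}\n{"sample": 3, "trunc\n', 0o640),
    "opt/mapr/logs/authaudit.log.json": ('{"sample": "auth"}\n', 0o666),
}

def check_audit_logs(root="/"):
    """Return {path: report}; root (hypothetical) allows checking a copied node filesystem."""
    reports = {}
    for rel, purpose in AUDIT_LOGS.items():
        path = os.path.join(root, rel)
        report = {"purpose": purpose, "present": os.path.isfile(path),
                  "records": 0, "malformed": [], "loosely_writable": False}
        reports["/" + rel] = report
        if not report["present"]:
            continue  # expected on nodes that do not host this role
        mode = os.stat(path).st_mode  # group/other write lets records be altered later
        report["loosely_writable"] = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                try:
                    json.loads(line)  # assumption: one JSON record per line
                    report["records"] += 1
                except ValueError:
                    report["malformed"].append(lineno)
    return reports

def build_sample_node(root):
    for rel, (text, mode) in SAMPLE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_node(tmp)
        print(json.dumps(check_audit_logs(tmp), indent=2))
```

On a live node, call `check_audit_logs()` with the default root. A file reported as not present is normal on nodes that do not run the corresponding service.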