Jindo AuditLog allows you to audit operations in the namespaces that are in block storage mode. It records addition, deletion, and renaming operations in the namespaces.
Prerequisites
- An EMR cluster of the 3.29.X version is created. For more information about how to create a cluster, see Create a cluster.
- An OSS bucket is created. For more information, see Create buckets.
Background information
You can use AuditLog to analyze namespace access information, detect abnormal requests, and track errors. AuditLog stores log files in OSS. The size of a single log file cannot exceed 5 GB. You can use the lifecycle management feature of OSS to customize a retention period in days for the log files. JindoFS allows you to use Shell commands to analyze the log files generated by AuditLog.
Audit log
2020-07-09 18:29:24.689 allowed=true ugi=hadoop (auth:SIMPLE) ip=127.0.0.1 ns=test-block cmd=CreateFileletRequest src=jfs://test-block/test/test.snappy.parquet dst=null perm=::rwxrwxr-x
Parameter | Description |
---|---|
Time | The time format is yyyy-MM-dd hh:mm:ss.SSS. |
allowed | Indicates whether the operation is allowed. Valid values: |
ugi | The user who performed the operation. The information about the authentication method is also displayed. |
ip | The client IP address. |
ns | The name of the namespace in block storage mode. |
cmd | The operation command. |
src | The source path. |
dst | The destination path. This parameter can be left empty. |
perm | The operation permissions on the file. |
Configure AuditLog
Analyze log files
JindoFS allows you to use Shell commands to analyze the log files generated by AuditLog.
You can run a MapReduce job in the EMR console to analyze the most active commands or IP addresses in the log files. The analysis command is jindo auditlog.
Parameter | Description | Required |
---|---|---|
--src | The OSS bucket where the log files generated by AuditLog are stored. By default, this parameter is set to the value of the namespace.auditlog.oss.uri parameter specified in Step 3. You can customize a value. | No |
--ns | The namespace you want to analyze. By default, all namespaces in block storage mode are analyzed. | No |
--type | The analysis objects: | Yes |
--min | The time range in minutes. | No. Note: You can specify only one of --min and --day. |
--day | The time range in days. day 1 indicates the current day. | No |
jindo auditlog --src oss://<yourbucket>/auditlog/ --ns test --type ip --day 1 --top 2
16 openFileStatusRequest
6 deleteFileletRequest
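The record format from the Audit log section and the top-N analysis above can also be reproduced locally on downloaded log lines. The following is an added example, not part of the original documentation or of JindoFS: it parses records, ranks commands and client IPs, lists operations that were not allowed, and counts lines it could not parse. The field order, the allowed=false value, and every sample record except the first are assumptions.

```python
import re
from collections import Counter

# Field order is assumed from the single sample record on this page.
# ugi contains a space ("hadoop (auth:SIMPLE)"), so it is matched lazily up to " ip=".
RECORD = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) allowed=(?P<allowed>\S+)"
    r" ugi=(?P<ugi>.+?) ip=(?P<ip>\S+) ns=(?P<ns>\S+) cmd=(?P<cmd>\S+)"
    r" src=(?P<src>.*?) dst=(?P<dst>.*?) perm=(?P<perm>\S+)$"
)

# Constructed sample: the first record is the one from this page, the rest are made up.
# "allowed=false" is an assumed value; the page only shows "true". The last line is truncated.
SAMPLE = """\
2020-07-09 18:29:24.689 allowed=true ugi=hadoop (auth:SIMPLE) ip=127.0.0.1 ns=test-block cmd=CreateFileletRequest src=jfs://test-block/test/test.snappy.parquet dst=null perm=::rwxrwxr-x
2020-07-09 18:29:25.101 allowed=true ugi=hadoop (auth:SIMPLE) ip=10.0.0.5 ns=test-block cmd=openFileStatusRequest src=jfs://test-block/test/a.txt dst=null perm=null
2020-07-09 18:29:26.310 allowed=true ugi=hadoop (auth:SIMPLE) ip=10.0.0.5 ns=test-block cmd=openFileStatusRequest src=jfs://test-block/test/b.txt dst=null perm=null
2020-07-09 18:30:02.417 allowed=false ugi=guest (auth:SIMPLE) ip=10.0.0.5 ns=test-block cmd=deleteFileletRequest src=jfs://test-block/test/a.txt dst=null perm=null
2020-07-09 18:30:03.000 allowed=true ugi=hadoop (auth:SIMPLE) ip=10.0.0.5 ns=test-block cmd=openFileStatusRequest src=jfs://test-block/test/c.txt dst=null perm=null
2020-07-09 18:30:40.552 allowed=true ugi=hadoop (auth:SIMPLE) ip=127.0.0.1 ns=test-block cmd=deleteFileletRequest src=jfs://test-block/test/b.txt dst=null perm=null
2020-07-09 18:31:02.000 allowed=true ugi=hadoop
"""

def summarize(lines, top=2):
    """Rank commands and client IPs, collect denied operations, count bad lines."""
    cmds, ips, denied, unparsed = Counter(), Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        m = RECORD.match(line.strip())
        if m is None:
            unparsed += 1  # report malformed records instead of dropping them silently
            continue
        rec = m.groupdict()
        cmds[rec["cmd"]] += 1
        ips[rec["ip"]] += 1
        if rec["allowed"] != "true":  # anything other than "true" is treated as denied
            denied.append(rec)
    return {"top_cmd": cmds.most_common(top), "top_ip": ips.most_common(top),
            "denied": denied, "unparsed": unparsed}

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print("top commands:", report["top_cmd"])
    print("top client IPs:", report["top_ip"])
    for rec in report["denied"]:
        print("denied:", rec["time"], rec["ugi"], rec["ip"], rec["cmd"], rec["src"])
    print("unparsed lines:", report["unparsed"])
```

A non-zero unparsed count is worth investigating before trusting the totals, because a format change or a truncated upload would otherwise hide records from the audit.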