Apache Cassandra‘s upcoming 4.0 release contains new options to assist organizations monitor person exercise within the database. These options present a strong set of enterprise-class audit capabilities that may assist firms meet their Sarbanes-Oxley (SOX), Payment Card Industry (PCI), and different regulatory and safety necessities.
Cassandra’s auditing options allow operators to audit log entries—each DML, DDL, and DCL change—and log and save the entries to a binary file or a user-configurable supply. Auditing could be configured on particular keyspaces, customers, or command classes. By default, these are saved to a neighborhood disk in BinLog format and could be seen with Cassandra’s fqltool and the auditlogviewer instrument.
Cassandra’s new, versatile audit facility allows a spread of capabilities, from auditing particular actions to logging a cluster’s full exercise and monitoring diagnostic occasions throughout the cluster. Three core options have been added in Cassandra four.zero:
- Audit logging with BinAuditLogger (BAL): Designed with audit, safety, and compliance use circumstances in thoughts
- Full Query Logging (FQL): Focuses on testing, benchmarking, and manufacturing workload investigations
- Diagnostic occasions: Provides a Cassandra Query Language (CQL)-native technique for subscribing to occasions generated throughout the frequent logging framework utilized by the BAL and FQL capabilities
Audit logging (BAL)
Internally, BAL and FQL are managed by Apache Cassandra’s AuditLogManager. Both implement a typical extension level referred to as IAuditLogger and are constructed into Apache Cassandra. FQL and BAL each leverage the identical BinLog format, sharing a typical implementation.
Audit logging by itself is a full “firehose” of occasions and actions carried out throughout the database. The administrator can select to incorporate or exclude particular classes, customers, and keyspaces within the generated audit path.
By default, the format and output are text-based and human-readable.
Full Query Logging (FQL)
FQL is much like audit logging however is designed to seize a consultant and repeatable pattern of a cluster’s workload filtered by some standards to make sure the output is manageable.
Both could be enabled through nodetool and configured as a part of Cassandra.yaml, with the choice to make sure an audit occasion is generated and endured earlier than an motion is returned as profitable to the tip shopper.
FQL is designed for use with the fqltool, which allows viewing, replaying, and manipulating the stream of captured queries.
Diagnostic occasions allow shoppers to subscribe to cluster occasions and to the identical frequent extension level as BAL and FQL, if customers need to eat audit data this manner. Diagnostic occasions push occasions to shoppers, and you may subscribe to audit occasions through this technique.
You can configure as many of those three sorts as you want on your necessities.
How audit logging differs from CDC
Cassandra’s Change Data Capture (CDC) mechanism has been supported on tables for a while now; nevertheless, the implementation has at all times been nuanced and sophisticated, making it harder to make use of. In essence, CDC supplies an index into native node-commit logs containing knowledge for tables with CDC enabled. CDC simply captures instantaneous knowledge that’s written to disk, leaving customers with the troublesome job of ingesting these commit logs, deciphering the format, and merging the info throughout the cluster.
On the opposite hand, Cassandra’s audit logging functionality can log reads, writes, login makes an attempt, and schema adjustments and might present the CQL that produced the occasion. Effectively, both of those options might be leveraged to construct a correct CDC stream. Given the extra granular management and devoted tooling for studying logs, utilizing the IAuditLogger interface is less complicated than consuming the CDC recordsdata.
What to count on
It is straightforward to activate audit logging in your cassandra.yaml file. Performance-wise, there isn’t any influence till the characteristic is enabled; as soon as enabled, you would possibly see a modest 10 to 15% lower on (blended) workload throughput and P99 latency. However, there are a variety of efficiency enhancements elsewhere in Apache Cassandra four.zero—notably from the brand new internode communications module—which might be anticipated to offset a few of this.