Auditing of Activity Related to Cluster Administration
The following types of operations are audited after the maprcli audit
cluster command is run on a cluster:
- All
maprclicommands, REST calls, and actions in MCS that have effects at the cluster level, including those that enable auditing, are audited. - All authentications to MCS and authentications to MapR clusters via
maprloginare audited.
Audit records for these operations are recorded in the following audit logs:
Audit logs for operations related to cluster management and authentications to clusters via maprlogin
Every CLDB operation is logged in the local filesystem of the CLDB
node that responded to the operation. The log file is
/opt/mapr/logs/cldbaudit.log.json.
Audit logs for maprcli commands, REST API calls, and actions in MCS
Executions of maprcli commands, REST API calls, and actions in MCS are
logged in the local filesystem on the nodes where they are executed. Log files are
located at /opt/mapr/mapr-cli-audit-log/audit.log.json. To see what
information is recorded in typical log entries, see Example Log Entries for
Audited maprcli Command Executions, REST API Calls, and Actions in MCS.
The following maprcli commands, as well as their
equivalent REST API calls and actions in MCS, are also logged in audit logs on the
servers where they are processed.
| Command Family | Commands |
| acl | acl edit, acl set, acl show
|
| audit | audit cluster, audit data, audit info
|
| blacklist | blacklist listusers, blacklist user
|
| cluster | cluster mapreduce get, cluster mapreduce set
|
| config | config load, config save
|
| entity | entity info, entity list, entity modify
|
| license | license add, license addcrl, license apps, license list, license
listcrl, license remove, license showid
|
| nagios | nagios generate
|
| rlimit | rlimit get, rlimit set
|
| schedule | schedule create, schedule list, schedule modify, schedule
remove
|
| virtualip | virtualip add, virtualip edit, virtualip list, virtualip move,
virtualip remove
|
| volume | volume container move, volume container switchmaster, volume
create, volume fixmountpath, volume info, volume list, volume mirror
push, volume mirror start, volume mirror stop, volume modify, volume
mount, volume move, volume remove, volume rename, volume showmounts,
volume snapshot list, volume snapshot preserve, volume snapshot remove,
volume unmount
NOTE: These commands are not audited: volume dump create, volume
dump restore, volume link create, volume link remove, volume snapshot
create
|
Audit logs for authentications to MCS
Every attempt at authentication to MCS, whether successful or unsuccessful, is logged to
the local filesystem in /opt/mapr/logs/authaudit.log.json on the
webserver node where an attempt was made.