Auditing Operations

Describes auditing on directories, files, MapR-DB and MapR-Streams.

This type of auditing is for operations that are managed by the mfs service, MapR-DB, and MapR Streams. These operations take place within volumes and have effects at the level of the MapR filesystem.

Auditing of operations on directories and files

The following operations on files and directories are audited by default and operations with Y in the Selective Auditing Support column can be included and/or excluded from auditing. Operations with N in the Selective Auditing Support column are audited by default and cannot be excluded from auditing.

Operation Name in Audit Logs Directories Files Selective Auditing Support
Change group owner CHGRP Y Y Y
Change owner CHOWN Y Y Y
Change permissions CHPERM Y Y Y
Create CREATE N/A Y Y
Create symbolic link CREATESYM Y Y Y
Delete DELETE N/A Y Y
Disable auditing DISABLEAUDIT Y Y N
Enable auditing ENABLEAUDIT Y Y N
Get attributes GETATTR Y Y Y
Get extended attributes GETXATTR Y Y Y
Get the mode bits for files/directories accessed over NFS GETPERM Y Y Y
List extended attributes LISTXATTR Y Y Y
Lookup LOOKUP Y Y Y
Create directory MKDIR Y N/A Y
Read a file READ N/A Y Y
Read a directory READDIR Y N/A Y
Remove extended attributes REMOVEXATTR Y Y Y
Rename RENAME Y Y Y
Delete a directory RMDIR Y N/A Y
Set attributes SETATTR Y Y Y
Set extended attributes SETXATTR Y Y Y
Truncate a file TRUNCATE N/A Y Y
Write to a file WRITE N/A Y Y

Auditing of operations on MapR-DB binary tables and JSON tables

The following operations on both types of MapR-DB tables are audited by default and operations with Y in the Selective Auditing Support column can be included and/or excluded from auditing. Operations with N in the Selective Auditing Support column are audited by default and cannot be excluded from auditing. Notes indictate where an operation is audited for only one type of table.

Operation Name in Audit Logs Selective Auditing Support
Create a column family DB_CFCREATE Y
Modify a column family DB_CFMODIFY Y
Delete a column family DB_CFREMOVE Y
Scan a column DB_CFSCAN Y
Get data DB_GET Y
Perform incremental bulk load DB_IMPORTBUCKET N
Perform full bulk load DB_IMPORTSEGMENT N
Put data DB_PUT Y
Compact a table region DB_REGIONCOMPACT N
Look up a region on the current node DB_REGIONLOOKUP N
Merge two consecutive regions DB_REGIONMERGE N
Split a region into two DB_REGIONSPLIT N
Configure a replica for a table DB_REPLICAADD N
Edit the replica for a table DB_REPLICAEDIT N
List the replicas for a table DB_REPLICALIST N
Remove a replica for a table DB_REPLICAREMOVE N
Scan a table DB_SCAN Y
Create a table DB_TABLECREATE Y
View information about a table DB_TABLEINFO Y
Modify a table DB_TABLEMODIFY Y
Add an upstream source to a replica DB_UPSTREAMADD N
List all upstream sources for a replica DB_UPSTREAMLIST N
Remove an upstream source for a replica DB_UPSTREAMREMOVE N

Auditing of operations on MapR streams

The following operations on MapR streams are audited by default and operations with Y in the Selective Auditing Support column can be included and/or excluded from auditing. Operations with N in the Selective Auditing Support column are audited by default and cannot be excluded from auditing. Notes indictate where an operation is audited for only one type of table.

Operation Name in Audit Logs Selective Auditing Support
Modify attributes or permissions of a stream DB_CFMODIFY Y
Produce messages to topics of a stream DB_PUT Y
Add a replica DB_REPLICAADD N
Edit a replica DB_REPLICAEDIT N
List the replicas for a stream DB_REPLICALIST N
Remove a replica DB_REPLICAREMOVE N
Consume messages from topics of a stream DB_SCAN Y
Add an upstream source to a replica DB_UPSTREAMADD N
List all upstream sources for a replica DB_UPSTREAMLIST N
Remove an upstream source from a replica DB_UPSTREAMREMOVE N