Outdated Version

You are viewing an older version of this section.

Configuring Audit Logging


Info

This topic does not apply to SingleStore Managed Service.

Warning

As of the time of this publication, audit logging features are made available and licensed only as part of the SingleStore DB Advanced Security Option. Before using or implementing this functionality, please consult with your enterprise’s licensing administrator to confirm that your enterprise has purchased the necessary Advanced Security Option license from SingleStore.

Audit Logging Configuration Variables

There are five configuration variables associated with audit logging, which are described in the following table.

| Setting Name | Value |
| --- | --- |
| auditlog_level | Specifies the audit logging level. By default, this value is set to OFF. Ten other levels are available; see Audit Logging Levels for more information. |
| auditlog_disk_sync | Specifies whether every audit log record is synchronously written and persisted to the disk. By default, this value is set to OFF and audit log disk syncs are delayed. |
| auditlog_rotation_size | Specifies the maximum size per log file in bytes. By default, this value is set to 128MB, or 134217728 bytes. |
| auditlog_rotation_time | Specifies the maximum time duration to write to a single log file in seconds. The log rotation check happens when SingleStore DB writes audit entries to the log. Therefore, in some rare cases (and especially on leaf nodes) where few entries are written to the log, the log may not be rotated for longer than the period configured in auditlog_rotation_time. By default, this value is set to 1 hour, or 3600 seconds. |
| auditlogsdir | Specifies the local or network directory to write log files. By default, this value is set to the auditlogs directory in your node’s SingleStore DB directory. For example: /var/lib/memsql/<node-type>-<port>/auditlogs |

To enable audit logging, set auditlog_level to a value other than OFF. The other variables described in the table above have default values that can be overridden, if desired.

How to Enable and Configure Audit Logging

You can enable and configure audit logging using the following two methods. With each method, you can set the variables that are described in the previous section. Note that changes to these variables take effect only when a node starts; they cannot be applied while a node is running.

Method 1: Use SingleStore Tools (the Preferred Method)

  1. Update the audit logging configuration variables using the sdb-admin update-config command or using the memsqlctl update-config command. Use the --all flag to update the variable settings on all nodes. For example, execute the following commands:

    sdb-admin update-config --all --key "auditlog_level" --value "ADMIN-ONLY"
    sdb-admin update-config --all --key "auditlog_disk_sync" --value "OFF"
    sdb-admin update-config --all --key "auditlog_rotation_size" --value "134217728"
    sdb-admin update-config --all --key "auditlog_rotation_time" --value "3600"
    sdb-admin update-config --all --key "auditlogsdir" --value "/var/lib/memsql/master-3306-1/auditlogs"
    
  2. Restart the nodes in one of two ways:

    sdb-admin restart-node --all
    
    memsqlctl restart-node --all
    
  3. Ensure that SingleStore DB starts successfully. Once started, validate that your settings have been loaded successfully by executing the following command:

    SHOW GLOBAL VARIABLES LIKE 'audit%';
    +------------------------+-----------------------------------------+
    | Variable_name          | Value                                   |
    +------------------------+-----------------------------------------+
    | auditlog_level         | ADMIN-ONLY                              |
    | auditlog_disk_sync     | OFF                                     |
    | auditlog_rotation_size | 134217728                               |
    | auditlog_rotation_time | 3600                                    |
    | auditlogsdir           | /var/lib/memsql/master-3306-1/auditlogs |
    +------------------------+-----------------------------------------+
    

Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled.

Method 2: Modify the memsql.cnf File

Info

Always ensure that each node in your cluster has been stopped before making audit logging configuration changes in the memsql.cnf file.

  1. Open a new console window with access to the node you want to configure.

  2. Stop any SingleStore DB processes on the node. There are two common ways to stop SingleStore nodes:

  3. Audit logging variables are set in the memsql.cnf file in each node’s SingleStore DB path. By default, this path is /var/lib/memsql/<node-type>-<port>, or /var/lib/memsql/master-3306 for a typical master aggregator node. After a node has been stopped, navigate to the memsql.cnf path for the node and open the file with a text editor. Add the four required audit logging variables. For example, consider the following sample configuration:

    max-pooled-connections  = 100
    max-connection-threads = 256
    default-partitions-per-leaf = 8
    max_subselect_aggregator_rowcount = 0
    allow_user_functions
    
    auditlog_level = ADMIN-ONLY
    auditlog_disk_sync = OFF
    auditlog_rotation_size = 134217728
    auditlog_rotation_time = 3600
    auditlogsdir = /var/lib/memsql/master-3306-1/auditlogs
    
  4. When your configuration is complete, save the memsql.cnf file and exit the text editor.

    Warning

    Repeat the configuration update process for each node in your cluster before continuing.

  5. Start the node in one of two ways:

    sdb-admin start-node --all
    
    memsqlctl start-node --all
    
    
  6. Ensure that SingleStore DB starts successfully. Once started, validate that your settings have been loaded successfully by executing the following command:

    SHOW GLOBAL VARIABLES LIKE 'audit%';
    +------------------------+-----------------------------------------+
    | Variable_name          | Value                                   |
    +------------------------+-----------------------------------------+
    | auditlog_level         | ADMIN-ONLY                              |
    | auditlog_disk_sync     | OFF                                     |
    | auditlog_rotation_size | 134217728                               |
    | auditlog_rotation_time | 3600                                    |
    | auditlogsdir           | /var/lib/memsql/master-3306-1/auditlogs |
    +------------------------+-----------------------------------------+
    

Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled.
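
The validation step that closes both methods can be scripted and repeated on every node. The following is an added example, not SingleStore tooling: it reads the SHOW GLOBAL VARIABLES LIKE 'audit%' result table on stdin and reports variables that are missing, differ from the intended values, or leave auditlog_level at OFF. The function names and the EXPECTED list are assumptions, and capturing the table from each node is left to your SQL client.

```shell
#!/bin/sh
# Added example: check the output of SHOW GLOBAL VARIABLES LIKE 'audit%';
# Intended settings (the example values used on this page).
EXPECTED='auditlog_level=ADMIN-ONLY
auditlog_disk_sync=OFF
auditlog_rotation_size=134217728
auditlog_rotation_time=3600
auditlogsdir=/var/lib/memsql/master-3306-1/auditlogs'

# Read the ASCII result table on stdin and print one name=value line per row.
parse_audit_table() {
    awk -F'|' 'NF >= 4 {
        name = $2; value = $3
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (name != "" && name != "Variable_name") print name "=" value
    }'
}

# Read the table on stdin, print one line per problem, return 1 if any.
check_audit_settings() {
    actual=$(parse_audit_table)
    rc=0
    for pair in $EXPECTED; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(printf '%s\n' "$actual" |
              awk -F= -v n="$name" '$1 == n { sub(/^[^=]*=/, ""); print; exit }')
        if [ -z "$got" ]; then
            echo "MISSING  $name (variable not reported by the node)"; rc=1
        elif [ "$name" = auditlog_level ] && [ "$got" = OFF ]; then
            echo "DISABLED auditlog_level is OFF, audit logging is not enabled"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name: expected '$want', got '$got'"; rc=1
        fi
    done
    return $rc
}

# Sample input: the result table shown on this page.
SAMPLE='+------------------------+-----------------------------------------+
| Variable_name          | Value                                   |
+------------------------+-----------------------------------------+
| auditlog_level         | ADMIN-ONLY                              |
| auditlog_disk_sync     | OFF                                     |
| auditlog_rotation_size | 134217728                               |
| auditlog_rotation_time | 3600                                    |
| auditlogsdir           | /var/lib/memsql/master-3306-1/auditlogs |
+------------------------+-----------------------------------------+'
printf '%s\n' "$SAMPLE" | check_audit_settings && echo "audit settings OK"
```

Because the variables are only read at node start, run the check after each restart; a non-zero exit status on any node means that node is not logging as intended.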