Created 02-13-2018 12:37 PM
Following type of logs fills up ambari-audit logs every sec.
2018-02-13T11:33:28.035Z, User(null), RemoteIp(x.x.x.x), Operation(xxxxx), Roles( ), Status(xxxxxx), Reason(Authentication required)
Created 02-13-2018 01:08 PM
@SURBHI BAKHTIYAR If we do not want to log the line which has "User(null)" in it then we
can make use of StringMatchFilter feature of log4j as following:
1). Edit the "/etc/ambari-serevr/conf/log4j.properties" and
add the following 3 lines in it Just below to the "audit" log appender.
#### This filter is used to skip the line that contains "User(null)" from being logged ###### log4j.appender.audit.filter.01=org.apache.log4j.varia.StringMatchFilter log4j.appender.audit.filter.01.StringToMatch=User(null) log4j.appender.audit.filter.01.AcceptOnMatch=false
.
Now the log4j.properties audit log appender will look like following:
# Audit logging log4j.logger.audit=INFO,audit log4j.additivity.audit=false log4j.appender.audit=org.apache.log4j.rolling.RollingFileAppender log4j.appender.audit.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy log4j.appender.audit.rollingPolicy.ActiveFileName=${ambari.log.dir}/${ambari.audit.file} log4j.appender.audit.rollingPolicy.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz log4j.appender.audit.rollingPolicy.maxIndex=13 log4j.appender.audit.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy log4j.appender.audit.triggeringPolicy.maxFileSize=50000000 log4j.appender.audit.layout=org.apache.log4j.PatternLayout\ log4j.appender.audit.layout.ConversionPattern=%m%n #### This filter is used to skip the line that contains "User(null)" from being logged ###### log4j.appender.audit.filter.01=org.apache.log4j.varia.StringMatchFilter log4j.appender.audit.filter.01.StringToMatch=User(null) log4j.appender.audit.filter.01.AcceptOnMatch=false
2. Now restart ambari-server
# ambari-server restart
Please check the current timestamp in the ambari-audit log now to see that those User(null) messages will not appear in the log now.
.
Created 02-14-2018 07:24 AM
@Jay Kumar SenSharma Thankyou..This is what i was looking for. Just one question.. When are these logs generated and what do they tell?