Does ScyllaDB Enterprise support auditing of error audit logs or not? I was trying to execute some Error CQL queries but unable to see the Error logs in audit.audit_table

subrato · December 14, 2023, 8:25am

As you can see only success audit logs are here, but Error audit logs are not appearing.

date                            | node      | event_time                           | category | consistency | error | keyspace_name | operation                                                                                                                                                                                                   | source    | table_name | username
---------------------------------+-----------+--------------------------------------+----------+-------------+-------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+------------+-----------
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | e86a8193-92b9-11ee-b5c8-08dfdd5d6623 |     AUTH |             | False |               |                                                                                                                                                                                                       LOGIN | 127.0.0.1 |            | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | f36177e2-92b9-11ee-b2c7-08e0dd5d6623 |      DML |         ONE | False |    mykeyspace |                                                                                                                                                                                             USE mykeyspace; | 127.0.0.1 |            | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 4324ef1e-92bb-11ee-b2c7-08e0dd5d6623 |      DDL |         ONE | False |    mykeyspace |                                                                                                                                                                                         DROP TABLE mytable; | 127.0.0.1 |    mytable | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 51a24e35-92bb-11ee-b2c7-08e0dd5d6623 |      DDL |         ONE | False |    mykeyspace |                                                                                                           CREATE TABLE mytable (\n     movie VARCHAR PRIMARY KEY, director VARCHAR, main_actor VARCHAR\n ); | 127.0.0.1 |    mytable | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 78edd5f3-92bb-11ee-b2c7-08e0dd5d6623 |      DML |         ONE | False |    mykeyspace |                                                                          INSERT INTO mytable (movie, director, main_actor)\nVALUES ('Serenity', 'Anonymous', 'Unknown')\nUSING TIMESTAMP  1442880000000000; | 127.0.0.1 |    mytable | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 958c8825-92bc-11ee-b5c8-08dfdd5d6623 |      DCL |         ONE | False |               |                                                                                                                                                   CREATE ROLE alice WITH PASSWORD = '***' AND LOGIN = true; | 127.0.0.1 |            | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 10a3f9fd-92bd-11ee-b2c7-08e0dd5d6623 |      DCL |         ONE | False |               |                                                                                                                                                                     ALTER ROLE alice WITH PASSWORD = '***'; | 127.0.0.1 |            | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 49594373-92c0-11ee-b5c8-08dfdd5d6623 |      DML |         ONE | False |    mykeyspace |                                                                                                                                                                    TRUNCATE TABLE mytable USING TIMEOUT 5m; | 127.0.0.1 |    mytable | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 0e5ef2a7-92c1-11ee-b5c8-08dfdd5d6623 |    ADMIN |         ONE | False |               |                                                                                                                                                  CREATE SERVICE_LEVEL IF NOT EXISTS OLAP WITH SHARES = 100; | 127.0.0.1 |            | cassandra
 2023-12-04 00:00:00.000000+0000 | 127.0.0.1 | 99ece5bb-92c4-11ee-b2c7-08e0dd5d6623 |      DML |         ONE | False |    mykeyspace |                                                                                                                                                               DELETE FROM mytable WHERE movie = 'Serenity'; | 127.0.0.1 |    mytable | cassandra

roy · January 26, 2024, 1:41pm

What do you mean by “Error audit logs”?
Can you please give examples?

subrato · January 26, 2024, 1:55pm

Suppose I execute some error query like… Wanna create table which already exist so it should generate the audit logs with “ERROR” column “true” and also syntax error audit logs are also not generating. Does that means it did not support audit logs for error queries.??

I am getting only error audit logs for Authorization error type when an unauthorised user try to execute some query then it will through an error and it is capturing this error audit log only.

roy · January 26, 2024, 2:00pm

No, it’s not supported for CQL queries.
You can report an issue if you think it’s a valid use case you’re interested in such functionality and someone will examine this possibility.

subrato · January 26, 2024, 2:05pm

Yeah it is a major problem.

It is a valid use case. I am using this as a security purpose in my project by sending this audit logs to system so that I can able to see what is going on. Suppose someone execute something which might affect our database but as I said it did not audit those error logs then it could be a problem, how can we know that what are the activity which was performed.

How can I raise this issue so that officials could take a look into it?

Botond_Denes · January 29, 2024, 9:21am

Failed requests are not executed in the database and therefore do not affect the database (other than the added load of processing them).

How can I raise this issue so that officials could take a look into it?

Normally, feature requests for enterprise-only features go through the ScyllaDB support channels, established during the sales process. I do not know how this works for a enterprise trial subscription, there is no established process for this. Normally, pre-deployment issues like this are worked out during the POC. You can contact sales to get a POC going.

subrato · January 29, 2024, 9:23am

Ok thanks for this info.

Topic		Replies	Views
How to Enable Audit logs for ScyllaDB, how many types of queries it supports and how to see the audit logs for the executed query. Also, how its audit log looks like ScyllaDB	8	460	November 29, 2023
I Want to know configuration of scylla.yaml file for ScyllaDB Enterprise 30days trial edition on UBUNTU so that i can Capture CQL query audit logs ScyllaDB	1	293	December 1, 2023
Auditing in Scylla Db Cloud ScyllaDB cloud , auditing	9	189	January 25, 2024
I found a Bug in Scylladb enterprising auditing, where for CREATE TABLE, DROP TABLE, these types of queries sometimes generating duplicate audit logs ScyllaDB	11	180	February 2, 2024
I have saw multiple integration in ScyllaDB Enterprise. But nowhere is mentioned that is it possible to fetch audit logs for those integration ScyllaDB	3	119	January 17, 2024

Does ScyllaDB Enterprise support auditing of error audit logs or not? I was trying to execute some Error CQL queries but unable to see the Error logs in audit.audit_table

Related topics