{"id":8506,"date":"2024-07-25T15:58:50","date_gmt":"2024-07-25T07:58:50","guid":{"rendered":"https:\/\/nj.transwarp.cn:8180\/?p=8506"},"modified":"2025-03-21T17:08:31","modified_gmt":"2025-03-21T09:08:31","slug":"hdfs%e5%bc%80%e5%90%afaudit%e5%ae%a1%e8%ae%a1%e6%97%a5%e5%bf%97","status":"publish","type":"post","link":"https:\/\/kbwp.transwarp.cn\/?p=8506","title":{"rendered":"hadoop2 \u7248\u672c\u5f00\u542f hdfs \u7684 audit \u5ba1\u8ba1\u65e5\u5fd7\u65b9\u6cd5"},"content":{"rendered":"<h3>\u6982\u8981\u63cf\u8ff0<\/h3>\n<hr \/>\n<p>\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\uff0cHadoop2 \u7684 hdfs \u5982\u4f55\u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u65b9\u4fbf\u5224\u65ad\u8bef\u5220\u6587\u4ef6\u4e4b\u7c7b\u7684\u64cd\u4f5c\u3002<\/p>\n<p><font color=red>\u6ce8\u610f: \u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u5bf9 hdfs \u6027\u80fd\u4f1a\u6709\u4e00\u5b9a\u5f71\u54cd\uff0c\u9ed8\u8ba4\u4e0d\u4f1a\u5f00\u542f\uff0c\u975e\u5fc5\u8981\u4e5f\u4e0d\u5efa\u8bae\u5f00\u542f\uff1b\u5982\u679c\u5f00\u542f\uff0c\u8bb0\u5f97\u53ca\u65f6\u5173\u95ed\uff01<\/font><\/p>\n<h3>\u8be6\u7ec6\u8bf4\u660e<\/h3>\n<hr \/>\n<ol>\n<li>\u4fee\u6539\u5bf9\u5e94\u7248\u672c\u7684 log4j.properties \u6a21\u7248\u6587\u4ef6<\/li>\n<li>\u914d\u7f6e\u670d\u52a1 hdfs \uff0c\u5e76\u91cd\u542f\u751f\u6548<\/li>\n<\/ol>\n<h3>\u4fee\u6539\u6b65\u9aa4<\/h3>\n<p>\u4fee\u6539<code>\/var\/lib\/transwarp-manager\/master\/content\/meta\/services\/HDFS\/transwarp-X.Y.Z-final\/templates\/log4j.properties.raw<\/code> \u6587\u4ef6\uff0c\u5c06<code>log4j.logger.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit<\/code>\u7684\u503c\uff0c\u4fee\u6539\u4e3a<code>INFO,RFAAUDIT<\/code><\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/07\/image-1656991466837.png\" alt=\"file\" 
\/><\/p>\n<p>\u914d\u7f6e\u670d\u52a1\uff0c\u91cd\u542fhdfs\uff0c\u91cd\u542f\u5b8c\u6210\u4e4b\u540e\uff0c\u786e\u8ba4\u4e0b<code>\/etc\/hdfsX\/conf\/log4j.properties<\/code>\u5df2\u7ecf\u4fee\u6539\u6210\u529f\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2022\/07\/image-1656992310118.png\" alt=\"file\" \/><\/p>\n<p>\u5230active namenode\u8282\u70b9\u4e0b\uff0c\/var\/log\/hdfs1\/hdfs-audit.log \u53ef\u4ee5\u770b\u5230\u5ba1\u8ba1\u65e5\u5fd7\u3002<\/p>\n<h3>\u6267\u884chdfs\u8bed\u53e5\u6d4b\u8bd5\u5ba1\u8ba1\u529f\u80fd<\/h3>\n<p><strong>1.\u653e\u7f6e\u6d4b\u8bd5\u6587\u4ef6\u5230\/tmp\/\u76ee\u5f55\u4e0b<\/strong><\/p>\n<pre><code class=\"language-shell\">[root@argodb1~]$ hadoop fs -put .\/ojdbc6.jar \/tmp\/\n2022-07-05 11:07:31,599 INFO util.KerberosUtil: Using principal pattern: HTTP\/_HOST\n[root@argodb1~]$ hadoop fs -rm -r -f \/tmp\/ojdbc6.jar\n2022-07-05 11:08:20,348 INFO util.KerberosUtil: Using principal pattern: HTTP\/_HOST\n2022-07-05 11:08:21,561 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 1440 minutes, Emptier interval = 0 minutes.\n2022-07-05 11:08:21,626 INFO fs.TrashPolicyDefault: Moved: 'hdfs:\/\/nameservice1\/tmp\/ojdbc6.jar' to trash at: hdfs:\/\/nameservice1\/user\/hdfs\/.Trash\/Current\/tmp\/ojdbc6.jar1656990501581\nMoved: 'hdfs:\/\/nameservice1\/tmp\/ojdbc6.jar' to trash at: hdfs:\/\/nameservice1\/user\/hdfs\/.Trash\/Current<\/code><\/pre>\n<p>\u53ef\u4ee5\u770b\u5230\uff0c\u9996\u5148\u4f1a\u521b\u5efa_COPYING_\u6587\u4ef6\uff0c\u518d\u5c06_COPYING_\u6587\u4ef6rename\u6210\u771f\u5b9e\u7684\u540d\u79f0\u3002<\/p>\n<pre><code class=\"language-ruby\">[root@argodb2\/var\/log\/hdfs1]$ tailf hdfs-audit.log \n2022-07-05 11:07:32,947 INFO FSNamesystem.audit: allowed=true   ugi=hdfs@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=create  src=\/tmp\/ojdbc6.jar._COPYING_   dst=null    perm=hdfs:hadoop:rw-r--r--  proto=rpc\n2022-07-05 11:07:34,247 INFO FSNamesystem.audit: allowed=true   
ugi=hdfs@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=rename  src=\/tmp\/ojdbc6.jar._COPYING_   dst=\/tmp\/ojdbc6.jar perm=hdfs:hadoop:rw-r--r--  proto=rpc<\/code><\/pre>\n<p><strong>2.\u5c06\/tmp\/ojdbc6.jar\u6587\u4ef6\u5220\u9664\u81f3\u56de\u6536\u7ad9<\/strong><\/p>\n<pre><code class=\"language-shell\">[root@argodb1~]$ hadoop fs -rm -r -f \/tmp\/ojdbc6.jar\n2022-07-05 11:08:20,348 INFO util.KerberosUtil: Using principal pattern: HTTP\/_HOST\n2022-07-05 11:08:21,561 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 1440 minutes, Emptier interval = 0 minutes.\n2022-07-05 11:08:21,626 INFO fs.TrashPolicyDefault: Moved: 'hdfs:\/\/nameservice1\/tmp\/ojdbc6.jar' to trash at: hdfs:\/\/nameservice1\/user\/hdfs\/.Trash\/Current\/tmp\/ojdbc6.jar1656990501581\nMoved: 'hdfs:\/\/nameservice1\/tmp\/ojdbc6.jar' to trash at: hdfs:\/\/nameservice1\/user\/hdfs\/.Trash\/Current<\/code><\/pre>\n<p>\u53ef\u4ee5\u770b\u5230\uff0c\u9996\u5148\u4f1a\u521b\u5efa\u56de\u6536\u7ad9\u4e2d\u7684\u5bf9\u5e94\u76ee\u5f55\uff08cmd=mkdirs\uff09\uff0c\u518d\u5c06\u6587\u4ef6rename\u5230\u8fd9\u4e2a\u76ee\u5f55\u4e0b\u5e76\u52a0\u4e0a\u65f6\u95f4\u6233\uff08cmd=rename (options=[TO_TRASH])\uff09\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5220\u9664\u5230\u56de\u6536\u7ad9\u7684\u64cd\u4f5c\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u8bb0\u5f55\u4e3a\u5e26 TO_TRASH \u7684 rename\uff0c\u800c\u4e0d\u662f delete\u3002<\/p>\n<pre><code class=\"language-ruby\">[root@argodb2\/var\/log\/hdfs1]$ tailf hdfs-audit.log \n2022-07-05 11:08:21,575 INFO FSNamesystem.audit: allowed=true   ugi=hdfs@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=mkdirs  src=\/user\/hdfs\/.Trash\/Current\/tmp   dst=null    perm=hdfs:hadoop:rwx------  proto=rpc\n2022-07-05 11:08:21,624 INFO FSNamesystem.audit: allowed=true   ugi=hdfs@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=rename (options=[TO_TRASH]) src=\/tmp\/ojdbc6.jar dst=\/user\/hdfs\/.Trash\/Current\/tmp\/ojdbc6.jar1656990501581   perm=hdfs:hadoop:rw-r--r--  proto=rpc<\/code><\/pre>\n<h3>\u6267\u884csql\u8bed\u53e5\u6d4b\u8bd5\u5ba1\u8ba1\u529f\u80fd<\/h3>\n<p><strong>1.\u521b\u5efaorc\u4e8b\u52a1\u8868\u5e76\u63d2\u5165\u6570\u636e<\/strong><\/p>\n<pre><code class=\"language-sql\">CREATE TABLE EMP_TORC(\n       EMPNO 
int,\n       ENAME string,\n       JOB string,\n       MGR INT,\n       HIREDATE DATE,\n       SAL INT,\n       COMM INT,\n       DEPTNO INT\n)CLUSTERED BY (empno) INTO 3 BUCKETS \nSTORED AS ORC_TRANSACTION;\n\nINSERT INTO EMP_TORC VALUES (7369,'SMITH','CLERK',7902,tdh_todate('17-12-1980','dd-mm-yyyy'),800,NULL,20);\n<\/code><\/pre>\n<p><strong>2.\u6267\u884ctruncate\u64cd\u4f5c<\/strong><\/p>\n<pre><code class=\"language-sql\">TRUNCATE TABLE EMP_TORC;<\/code><\/pre>\n<pre><code class=\"language-ruby\">2022-07-05 11:35:38,501 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=delete  src=\/argodbcomputing1\/tmp\/hive\/hive\/18d0c7e3-0276-449d-8d23-81ed9cec22e4\/hive_2022-07-05_11-35-38_411_9126793528236407643-6 dst=null    perm=null   proto=rpc\n2022-07-05 11:35:38,630 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=getAclStatus    src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=null    perm=null   proto=rpc\n2022-07-05 11:35:38,640 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=mkdirs  src=\/user\/hive\/.Trash\/Current\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive    dst=null    perm=hive:hadoop:rwx------  proto=rpc\n2022-07-05 11:35:38,648 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=rename (options=[TO_TRASH]) src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=\/user\/hive\/.Trash\/Current\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc   perm=hive:hive:rwx--x--x    proto=rpc\n2022-07-05 11:35:38,657 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=mkdirs  src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=null    perm=hive:hive:rwxr-xr-x    proto=rpc\n2022-07-05 
11:35:38,678 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=setAcl  src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=null    perm=hive:hive:rwx--x--x    proto=rpc\n2022-07-05 11:35:38,684 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=getAclStatus    src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=null    perm=null   proto=rpc\n<\/code><\/pre>\n<p><strong>3.\u6267\u884cdrop table\u64cd\u4f5c<\/strong><\/p>\n<pre><code class=\"language-sql\">DROP TABLE IF EXISTS EMP_TORC;<\/code><\/pre>\n<pre><code class=\"language-ruby\">2022-07-05 11:36:01,726 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=delete  src=\/argodbcomputing1\/tmp\/hive\/hive\/18d0c7e3-0276-449d-8d23-81ed9cec22e4\/hive_2022-07-05_11-36-01_648_8496947721525852599-6 dst=null    perm=null   proto=rpc\n2022-07-05 11:36:01,925 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=mkdirs  src=\/user\/hive\/.Trash\/Current\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive    dst=null    perm=hive:hadoop:rwx------  proto=rpc\n2022-07-05 11:36:01,935 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=rename (options=[TO_TRASH]) src=\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc    dst=\/user\/hive\/.Trash\/Current\/argodbstorage1\/user\/hive\/warehouse\/default.db\/hive\/emp_torc1656992161924  perm=hive:hive:rwx--x--x    proto=rpc\n2022-07-05 11:36:02,365 INFO FSNamesystem.audit: allowed=true   ugi=hive\/argodb1@ARGODBTDH (auth:KERBEROS)  ip=\/172.22.23.1 cmd=delete  src=\/argodbcomputing1\/tmp\/hive\/hive\/025a7840-8911-4053-96d9-22a7daf0a392\/hive_2022-07-05_11-36-02_084_7317455245331088578-9 dst=null    perm=null   
proto=rpc\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981\u63cf\u8ff0 \u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\uff0cHadoop2 \u7684 hdfs \u5982\u4f55\u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u65b9\u4fbf\u5224\u65ad\u8bef\u5220\u6587\u4ef6\u4e4b\u7c7b\u7684\u64cd\u4f5c\u3002 \u6ce8\u610f:  ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/kbwp.transwarp.cn\/?p=8506\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[121],"tags":[],"class_list":["post-8506","post","type-post","status-publish","format-standard","hentry","category-121"],"acf":[],"_links":{"self":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/8506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8506"}],"version-history":[{"count":3,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/8506\/revisions"}],"predecessor-version":[{"id":16230,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/8506\/revisions\/16230"}],"wp:attachment":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8506"}],"curies":[{"name":"wp","href":
"https:\/\/api.w.org\/{rel}","templated":true}]}}