Configure Audit Logging

Note

Audit logging features are only available in the SingleStore Premium edition.

Warning

As of the time of this publication, strict mode is available and licensed only as part of the SingleStore Premium edition.

To enable audit logging, set auditlog_level to a value other than OFF. See Audit Logging Levels for more information.

You can configure audit logging using the following variables:

Setting Name

Value

auditlog_disk_sync

Specifies whether every audit log record is synchronously written and persisted to the disk. By default, this value is set to OFF and audit log disk syncs are delayed.

auditlog_level

Specifies the audit logging level. By default, this value is set to OFF. Ten other levels are available — see Audit Logging Levels for more information.

auditlog_retention_period

Indicates the retention period (in days) for audit log files. Setting this to 0 (the default) means that log files will be kept on the server indefinitely.

auditlog_rotation_size

Specifies the maximum size per log file in bytes. By default, this value is set to 128MB, or 134217728 bytes.

auditlog_rotation_time

Specifies the maximum time duration to write to a single log file in seconds. The log rotation check happens when SingleStore writes audit entries to the log. Therefore, in some rare cases (and especially on leaf nodes) where there are not a lot of entries written to the log, it is possible that the log is not rotated for greater periods of time than configured in auditlog_rotation_time. By default, this value is set to 1 hour, or 3600 seconds.

auditlogsdir

Specifies the local or network directory to write log files. By default, this value is set to the auditlogs directory in your node’s SingleStore directory. For example: /var/lib/memsql/<node-type>-<port>/auditlogs

How to Enable and Configure Audit Logging

You may enable and configure audit logging using the following two methods. With each method, you can set the variables that are described in the previous section. Note that you can only set these variables to take effect when a node starts, as opposed to taking effect while a node is running.

Toolbox preserves the node's base directory (or “basedir”) during an upgrade. By default, Toolbox sets the auditlogsdir relative to the node’s base directory, and the value for auditlogsdir to auditlogs. For the tarball-based deployments, a node’s default base directory is ~/memsql/nodes/<hash>, however, the base directory can be anywhere on the filesystem.

When changing the value of auditlogsdir, SingleStore suggests using either:

  • A relative path

  • An absolute path outside of the memsql directory (i.e., outside of /var/lib/memsql).

    For example, /var/log/memsql or /var/log/singlestore are suitable provided that the memsql:memsql permissions are also set on this directory.

Method 1: Use SingleStore Tools (Preferred Method)

  1. Update the audit logging configuration variables using the sdb-admin update-config command. Use the --all flag to update the variable settings on all nodes. For example, execute the following commands:

    sdb-admin update-config --all --key "auditlog_level" --value "ADMIN-ONLY"
    sdb-admin update-config --all --key "auditlog_disk_sync" --value "OFF"
    sdb-admin update-config --all --key "auditlog_rotation_size" --value "134217728"
    sdb-admin update-config --all --key "auditlog_rotation_time" --value "3600"
    sdb-admin update-config --all --key "auditlogsdir" --value "<value>"

    For sdb-admin update-config --all --key "auditlogsdir" --value "<value>":

    • To set the auditlogsdir value to auditlogs:

      sdb-admin update-config --all --key "auditlogsdir" --value "auditlogs"
    • To set the auditlogsdir value within /var/lib/memsql:

      sdb-admin update-config --all --key "auditlogsdir" --value "/var/lib/memsql/master-3306-1/auditlogs"
    • To set the auditlogsdir value outside of /var/lib/memsql:

      sdb-admin update-config --all --key "auditlogsdir" --value "/var/log/singlestore"
  2. Restart the nodes.

    sdb-admin restart-node --all
  3. Ensure that SingleStore starts successfully. Once started, validate that your settings have been loaded successfully by executing the following SQL command in a SQL client.

    SHOW GLOBAL VARIABLES LIKE 'audit%';
    +---------------------------+-----------------------------------------+
    | Variable_name             | Value                                   |
    +---------------------------+-----------------------------------------+
    | auditlog_disk_sync        | OFF                                     |
    | auditlog_level            | ADMIN-ONLY                              |
    | auditlog_retention_period | 0                                       |
    | auditlog_rotation_size    | 134217728                               |
    | auditlog_rotation_time    | 3600                                    |
    | auditlogsdir              | /var/lib/memsql/master-3306-1/auditlogs |
    +---------------------------+-----------------------------------------+

Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled.

Method 2: Modify the memsql.cnf File

Note

Always ensure that each node in your cluster has been stopped before making audit logging configuration changes in the memsql.cnf file.

  1. Open a new console window with access to the node you want to configure.

  2. Stop any SingleStore processes on the node.

    sdb-admin stop-node --all
  3. Audit logging variables are set in the memsql.cnf file in each node’s SingleStore path. By default, the path for a typical Master Aggregator node is:

    • For RPM and Debian deployments: /var/lib/memsql/<hash>

    • For tarball-based deployments: ~/memsql/nodes/<hash>

    After a node has been stopped, navigate to the memsql.cnf path for the node and open the file with a text editor. Add the four required audit logging variables.

    For example, consider the following sample configuration:

    max-pooled-connections  = 100
    max-connection-threads = 256
    default-partitions-per-leaf = 8
    max_subselect_aggregator_rowcount = 0
    allow_user_functions
    
    auditlog_level = ADMIN-ONLY
    auditlog_disk_sync = OFF
    auditlog_rotation_size = 134217728
    auditlog_rotation_time = 3600
    auditlogsdir = <value>

    For auditlogsdir = <value>:

    • To set the auditlogsdir value to auditlogs:

      auditlogsdir = auditlogs
    • To set the auditlogsdir value within /var/lib/memsql:

      auditlogsdir = /var/lib/memsql/master-3306-1/auditlogs
    • To set the auditlogsdir value outside of /var/lib/memsql:

      auditlogsdir = /var/log/singlestore
  4. When your configuration is complete, save the memsql.cnf file and exit the text editor.

    Warning

    Repeat the configuration update process for each node in your cluster before continuing.

  5. Start the node.

    sdb-admin start-node --all
  6. Ensure that SingleStore starts successfully. Once started, validate that your settings have been loaded successfully by executing the following SQL command in a SQL client.

    SHOW GLOBAL VARIABLES LIKE 'audit%';
    +---------------------------+-----------------------------------------+
    | Variable_name             | Value                                   |
    +---------------------------+-----------------------------------------+
    | auditlog_disk_sync        | OFF                                     |
    | auditlog_level            | ADMIN-ONLY                              |
    | auditlog_retention_period | 0                                       |
    | auditlog_rotation_size    | 134217728                               |
    | auditlog_rotation_time    | 3600                                    |
    | auditlogsdir              | /var/lib/memsql/master-3306-1/auditlogs |
    +---------------------------+-----------------------------------------+

Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled.

Disabling Audit Logging

When the auditlog_level is set to OFF (from previously being enabled), the following message is printed in the tracelog:

04162153 2020-08-11 19:16:03.489   INFO: Audit Logging disabled (auditlog_level set to OFF).

Last modified: May 29, 2024

Was this article helpful?