Linux-UNIX: Configuring Apache Cassandra and S-TAP for auditing interception
Configure Apache Cassandra and S-TAP® to monitor encrypted traffic on Apache Cassandra. Monitoring includes authorization messages for login, normal SQL statements, prepared statements, batch statements, bind variables, and bound values. This configuration does not require an inspection engine or K-TAP.
About this task
To configure Apache Cassandra and S-TAP for auditing, configure a logback to write to the S-TAP Cassandra audit reader in the same directory as the guard_stap .cassandra_audit executable. The logback is created when you enable Cassandra Audit in the S-TAP configuration.
Specify the value for cassandra_audit_delimiter in the output string for logback.
- guardium_cassandra_audit-3.4.jar (for the query handler, versions 3.4 to 3.10)
- guardium_cassandra_audit-3.11.jar (for the query handler, version 3.11 only)
- guardium_cassandra_audit-4.0.jar (for the query handler, versions 4.0 and higher)
The user who runs the Cassandra database must be authorized to write to the cassandra pipe in the S-TAP directory. Use guardctl authorize-user to add the user to the Guardium group.
When you copy the JAR files to the cassandra directory, make sure that the cassandra user has the proper permissions to read them.
Apache Cassandra auditing supports multi-tenancy.
Procedure
What to do next
package com.ibm.guardium;

import java.nio.ByteBuffer;

public interface IGuardAuthenticatorDecoder
{
    // Returns the user name carried in the authentication client response.
    String getUsername(byte[] clientResponse);
}
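An added example, not IBM's code: one way to implement the IGuardAuthenticatorDecoder interface above, assuming the clientResponse bytes use the SASL PLAIN layout ([authzid] NUL authcid NUL password) that Cassandra's built-in PasswordAuthenticator accepts. The package name, the class name, and the choice to return null for malformed input are assumptions; it compiles against the interface shown on this page.

```java
package com.example.audit; // hypothetical package for this added example

import com.ibm.guardium.IGuardAuthenticatorDecoder; // interface shown on this page
import java.nio.charset.StandardCharsets;

// Hypothetical class name. Assumes a SASL PLAIN client response:
// [authzid] NUL authcid NUL password
public class PlainSaslUsernameDecoder implements IGuardAuthenticatorDecoder
{
    @Override
    public String getUsername(byte[] clientResponse)
    {
        if (clientResponse == null)
            return null; // assumption: null means "no user name available"

        // Scan from the end: the last NUL precedes the password, and the
        // NUL before that one precedes the authentication identity.
        int passwordSep = lastNul(clientResponse, clientResponse.length - 1);
        if (passwordSep < 1)
            return null; // no separator, or nothing before it
        int userSep = lastNul(clientResponse, passwordSep - 1);
        int userLen = passwordSep - userSep - 1;
        if (userSep < 0 || userLen == 0)
            return null; // second separator missing, or empty user name

        // Decode only the user name bytes; the password is never converted
        // to a String, so it cannot end up in the audit record or a log.
        return new String(clientResponse, userSep + 1, userLen, StandardCharsets.UTF_8);
    }

    // Index of the last NUL byte at or before 'from', or -1 if there is none.
    private static int lastNul(byte[] buf, int from)
    {
        for (int i = from; i >= 0; i--)
            if (buf[i] == 0)
                return i;
        return -1;
    }

    public static void main(String[] args)
    {
        // Constructed sample: empty authzid, user "audit_reader", dummy password.
        byte[] sample = "\0audit_reader\0not-a-real-password".getBytes(StandardCharsets.UTF_8);
        System.out.println(new PlainSaslUsernameDecoder().getUsername(sample));
    }
}
```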