This is documentation for MapR Version 5.0. You can also refer to MapR documentation for the latest release.

Skip to end of metadata
Go to start of metadata

When auditing of table operations is enabled at the cluster level, volume level, and filesystem level, each operation on a table is logged on the node where the operation was executed, which could differ from the node where the operation was initiated.

Typical log entries provide a timestamp of the operation, the type of operation, the UID of the user who ran the command, the IP address from which the user ran the command, identifiers of the affected resources, and the status of the operation. Fields such as  “ColumnFamily” and “Column” for some operations are also included when applicable. Row keys are not included. Status codes come from the Linux errno.h file. For a list of these codes, see Status Codes That Can Appear in Audit Logs.

Due to the way that the creation of tables is processed internally, sometimes the creation of tables is logged in FSAudit.log.json, rather than in DBAudit.log.json.

Below are some typical log entries:


To convert the user IDs to usernames, file identifiers to pathnames, and volume IDs to volume names, run the expandaudit utility. For example, here are the same audit records after they were processed by this utility:

  • No labels