Details
Audit logging in Cassandra logs every incoming CQL command request, Authentication (successful as well as unsuccessful login) to C* node. Currently, there are two implementations provided, the custom logger can be implemented and injected with the class name as a parameter in cassandra.yaml.
Rationale:
Unauthorized attempts to create, drop or alter users or data should be a concern.
Solution
Open Source Version
Apache Cassandra versions up to 3.11.4 does not have auditing capabilities, it will be in version 4.x but that has not been released yet according to apache Cassandra website. http://cassandra.apache.org/download/
Commercial Version
Open the dse.yaml file in a text editor
In the audit_logging_options section, set enabled to true.
# Audit logging options
audit_logging_options:
enabled: true
You must also define where you want logging to go, add either of the following lines:
Set the logger option to either CassandraAuditWriter, which logs to a table, or SLF4JAuditWriter, which logs to the SLF4J logger.
References:
https://docs.datastax.com/en/datastax_enterprise/4.8/datastax_enterprise/sec/secAudit.html#secAudit
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.