Monitoring and Auditing Web Console Activity
You can use the EVT_MANAGEMENT_TASK_STARTED event to track user activity performed in Visor or Web Console (actions performed directly via Java/C++/.NET or the various thin clients are tracked elsewhere). The tasks it tracks are listed under Available Tasks below.
Enabling Cluster Auditing
- Enable the EVT_MANAGEMENT_TASK_STARTED event type:

      <property name="includeEventTypes">
          <list>
              <util:constant static-field="org.apache.ignite.events.EventType.EVT_MANAGEMENT_TASK_STARTED"/>
          </list>
      </property>

- Implement EventStorageSpi. The implementation will receive all events in its record() method. After that you can log or store the events however you prefer.

- Specify your EventStorageSpi in the Ignite configuration:

      <property name="eventStorageSpi">
          <!-- Insert the name of your implementation here. -->
          <bean class="org.gridgain.examples.events.MgmtAuditEventStorageSpi"/>
      </property>
Example EventStorageSpi Implementation
Here is a simple EventStorageSpi that ignores all events except EVT_MANAGEMENT_TASK_STARTED.
It doesn’t store the events anywhere, it just writes them to the log.
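Note that this implementation extends IgniteSpiAdapter. This gives it access to getSpiContext().authenticatedSubject(…), which is used to convert the subject ID into a human-readable username in the login= field in the events.

package org.gridgain.examples.events;

import java.util.Collection;
import java.util.Collections;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.events.Event;
import org.apache.ignite.events.TaskEvent;
import org.apache.ignite.lang.IgnitePredicate;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.resources.LoggerResource;
import org.apache.ignite.spi.IgniteSpiAdapter;
import org.apache.ignite.spi.IgniteSpiException;
import org.apache.ignite.spi.eventstorage.EventStorageSpi;
import org.jetbrains.annotations.Nullable;

import static org.apache.ignite.events.EventType.EVT_MANAGEMENT_TASK_STARTED;

public class MgmtAuditEventStorageSpi extends IgniteSpiAdapter implements EventStorageSpi {
    @LoggerResource
    private IgniteLogger log;

    @Override
    public <T extends Event> Collection<T> localEvents(IgnitePredicate<T> p) {
        // Nothing is stored, so local queries get an empty result rather than null.
        return Collections.emptyList();
    }

    @Override
    public void record(Event evt) throws IgniteSpiException {
        // Ignore everything except management tasks started from Visor or Web Console.
        if (evt.type() == EVT_MANAGEMENT_TASK_STARTED) {
            TaskEvent taskEvent = (TaskEvent) evt;

            // Resolve the subject ID to the authenticated subject (carries login=).
            SecuritySubject subj = taskEvent.subjectId() != null
                ? getSpiContext().authenticatedSubject(taskEvent.subjectId())
                : null;

            log.info("Management task started: [" +
                "name=" + taskEvent.taskName() + ", " +
                "eventNode=" + taskEvent.node() + ", " +
                "timestamp=" + taskEvent.timestamp() + ", " +
                "info=" + taskEvent.message() + ", " +
                "subjectId=" + taskEvent.subjectId() + ", " +
                "secureSubject=" + subj +
                "]");
        }
    }

    @Override
    public void spiStart(@Nullable String igniteInstanceName) throws IgniteSpiException {
        /* No-op. */
    }

    @Override
    public void spiStop() throws IgniteSpiException {
        /* No-op. */
    }
}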
Example Output
In the following examples, you can see the task name at the beginning of each output: name=, and the username at the end: login=.
[2019-08-01 12:09:34,386][INFO ][rest-#66][MgmtAuditEventStorageSpi] Management task started:
[name=VisorThreadDumpTask, eventNode=TcpDiscoveryNode
[id=a2039eff, consistentId=0:0:0:0:0:0:0:1%lo0,127.0.0.1,172.2.6.7:47501,
addrs=ArrayList [0:0:0:0:0:0:0:1%lo0, 127.0.0.1, 172.2.6.7],
sockAddrs=HashSet [/0:0:0:0:0:0:0:1%lo0:47501, /127.0.0.1:47501,
example.gridgain.local/172.2.6.7:47501], discPort=47501, order=2,
intOrder=2, lastExchangeTime=1564650459177, loc=true,
ver=2.5.6#20190801-sha1:00000000, isClient=false], timestamp=1564650574377,
info=[], subjectId=722a617a, secureSubject=SecuritySubjectAdapter
[id=722a617a, subjType=REMOTE_CLIENT, addr=/127.0.0.1:54321,
permissions=SecurityPermissionsUnmodifiableSet [dfltAllowAll=true,
taskPermissions=LinkedHashMap {}, cachePermissions=LinkedHashMap {},
sysPermissions=null, srvcPerms=HashMap {}], login=exampleUser]]
[2019-08-01 12:08:09,399][INFO ][rest-#66][MgmtAuditEventStorageSpi] Management task started:
[name=VisorNodePingTask, eventNode=TcpDiscoveryNode [id=a2039eff,
consistentId=0:0:0:0:0:0:0:1%lo0,127.0.0.1,172.2.6.7:47501, addrs=ArrayList
[0:0:0:0:0:0:0:1%lo0, 127.0.0.1, 172.2.6.7], sockAddrs=HashSet
[/0:0:0:0:0:0:0:1%lo0:47501, /127.0.0.1:47501,
example.gridgain.local/172.2.6.7:47501], discPort=47501, order=2, intOrder=2,
lastExchangeTime=1564650459177, loc=true, ver=2.5.6#20190801-sha1:00000000,
isClient=false], timestamp=1564650489396, info=VisorNodePingTaskArg
[nodeId=a2039eff], subjectId=722a617a, secureSubject=SecuritySubjectAdapter
[id=722a617a, subjType=REMOTE_CLIENT, addr=/127.0.0.1:54321,
permissions=SecurityPermissionsUnmodifiableSet [dfltAllowAll=true,
taskPermissions=LinkedHashMap {}, cachePermissions=LinkedHashMap {},
sysPermissions=null, srvcPerms=HashMap {}], login=exampleUser]]
[2019-08-01 12:10:27,591][INFO ][rest-#70][MgmtAuditEventStorageSpi] Management task started:
[name=VisorQueryTask, eventNode=TcpDiscoveryNode [id=a2039eff,
consistentId=0:0:0:0:0:0:0:1%lo0,127.0.0.1,172.2.6.7:47501, addrs=ArrayList
[0:0:0:0:0:0:0:1%lo0, 127.0.0.1, 172.2.6.7], sockAddrs=HashSet
[/0:0:0:0:0:0:0:1%lo0:47501, /127.0.0.1:47501,
example.gridgain.local/172.2.6.7:47501], discPort=47501, order=2, intOrder=2,
lastExchangeTime=1564650459177, loc=true, ver=2.5.6#20190801-sha1:00000000,
isClient=false], timestamp=1564650627585, info=VisorQueryTaskArg
[cacheName=null, qryTxt=SELECT * FROM CACHE, distributedJoins=false,
enforceJoinOrder=false, replicatedOnly=false, loc=false, pageSize=100,
lazy=true, collocated=false], subjectId=722a617a,
secureSubject=SecuritySubjectAdapter [id=722a617a, subjType=REMOTE_CLIENT,
addr=/127.0.0.1:54321, permissions=SecurityPermissionsUnmodifiableSet
[dfltAllowAll=true, taskPermissions=LinkedHashMap {},
cachePermissions=LinkedHashMap {}, sysPermissions=null,
srvcPerms=HashMap {}], login=exampleUser]]
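An added example, not part of the GridGain documentation: a Python parser for the record layout shown in the output above, which splits fields only at bracket depth 0 so nested objects such as eventNode and secureSubject stay intact, then extracts the task, login, source address, query text and the dfltAllowAll flag. The sample input is constructed from the page's output with eventNode shortened, and the function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Constructed sample: two records from the page's output, eventNode shortened.
SAMPLE = """\
[2019-08-01 12:09:34,386][INFO ][rest-#66][MgmtAuditEventStorageSpi] Management task started:
[name=VisorThreadDumpTask, eventNode=TcpDiscoveryNode
[id=a2039eff, addrs=ArrayList [127.0.0.1, 172.2.6.7], isClient=false],
timestamp=1564650574377, info=[], subjectId=722a617a,
secureSubject=SecuritySubjectAdapter [id=722a617a, addr=/127.0.0.1:54321,
permissions=SecurityPermissionsUnmodifiableSet [dfltAllowAll=true], login=exampleUser]]
[2019-08-01 12:10:27,591][INFO ][rest-#70][MgmtAuditEventStorageSpi] Management task started:
[name=VisorQueryTask, eventNode=TcpDiscoveryNode [id=a2039eff, isClient=false],
timestamp=1564650627585, info=VisorQueryTaskArg [cacheName=null,
qryTxt=SELECT * FROM CACHE, lazy=true], subjectId=722a617a,
secureSubject=SecuritySubjectAdapter [id=722a617a, addr=/127.0.0.1:54321,
permissions=SecurityPermissionsUnmodifiableSet [dfltAllowAll=true], login=exampleUser]]"""
MARKER = "Management task started:"

def split_fields(body):
    """Split 'k=v, k=v' on commas at bracket depth 0; nested values stay whole."""
    fields, depth, start = {}, 0, 0
    for i, ch in enumerate(body + ","):
        depth += (ch in "[{") - (ch in "]}")
        if ch == "," and depth == 0:
            key, sep, val = body[start:i].strip().partition("=")
            if sep:
                fields[key] = val.strip()
            start = i + 1
    return fields

def inner(value):
    """Text inside the outermost 'Type [ ... ]' wrapper, or '' when there is none."""
    m = re.match(r"[^\[]*\[(.*)\]\s*$", value, re.S)
    return m.group(1) if m else ""

def parse_records(text):
    """Return one dict per audit record: task, UTC time, login, addr, query, allow_all."""
    out = []
    for chunk in text.split(MARKER)[1:]:
        # Cut at the next log header, then undo the logger's line wrapping.
        flat = " ".join(re.split(r"\n\[\d{4}-\d\d-\d\d ", chunk)[0].split())
        top = split_fields(inner(flat))
        subj = split_fields(inner(top.get("secureSubject", "")))
        perms = split_fields(inner(subj.get("permissions", "")))
        when = datetime.fromtimestamp(int(top["timestamp"]) // 1000, tz=timezone.utc)
        out.append({"task": top.get("name"), "time": when.isoformat(),
                    "login": subj.get("login"), "addr": subj.get("addr"),
                    "query": split_fields(inner(top.get("info", ""))).get("qryTxt"),
                    "allow_all": perms.get("dfltAllowAll") == "true"})
    return out
```

The qryTxt value is caller-supplied and written unescaped, so a query containing commas or brackets will be truncated or mis-split by any parser of this text. If the audit trail feeds alerting, emitting the fields separately from record() avoids that ambiguity.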
Available Tasks
EVT_MANAGEMENT_TASK_STARTED tracks the following tasks:
| Category | Task | Description |
|---|---|---|
| Baseline | | Collects information about baseline topology and can change its state. |
| Binaries | | Collects binary metadata. |
| Services | | Cancels services with the specified name. |
| Metrics | | Cancels services with specified name. |
| Caches | | Collects list of lost partitions. |
| | | Resets lost partitions for caches. |
| | | Starts cache or near cache with the specified configuration. |
| | | Stops specified caches on the specified node. |
| | | Finds affinity node for a key. |
| | | Modifies the value in the specified cache. |
| | | Pre-loads caches. Made callable just to confirm the common pattern. |
| | | Loads caches. |
| | | Clears specified caches on the specified node. |
| Queries | | Resets compute grid query metrics. |
| | | Executes SQL fields query and gets the first page of results. |
| | | Cancels queries. |
| Computes | | Resets compute grid metrics. |
| | | Cancels given tasks sessions. |
| DEBUG | | Creates a thread dump. |
| IGFS | | Formats IGFS instance. |
| | | Removes all IGFS profiler logs. |
| | | Resets IGFS metrics. |
| LOGS | | Searches for text matching in logs. |
| CLUSTER | | Changes grid active state. |
| | | Runs GC on nodes. |
| | | Restarts nodes. |
| | | Stops nodes. |