Skip to content

[Feature] Identifying user session in audit logs #49915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 of 3 tasks
dolfinus opened this issue Apr 9, 2025 · 0 comments
Open
2 of 3 tasks

[Feature] Identifying user session in audit logs #49915

dolfinus opened this issue Apr 9, 2025 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@dolfinus
Copy link

dolfinus commented Apr 9, 2025
edited
Loading

Search before asking

  • I had searched in the issues and found no similar issues.

Description

Currently audit log contains information like client IP, user name, statement, status and so on. But it is unknown if a set of queries are a part of some specific session/connection, or are executed independently.

Other databases like Postgres allow to track each session specifically:

  • There is a pg_stat_activity view which returns state of currently executed sessions in the system.
  • Sessions have a name which is set using ApplicationName client parameter. So session can be tracked by explicit name given by a user, and not by some random ID (which user doesn't know or log on client side in most cases).
  • Audit extensions (e.g. pg_proaudit) include session identifier column

Finally, the combination of session_id + timestamp + query_id can tell everything which was done by specific session, and in which order.

But currently I don't see how this can be implemented in Doris:

  • There is no session/application/connection state concept. I don't see any views which can return this information.
  • There is no client/protocol option which accepts user-specified session/connection name, and saves it into some database object/view which can be used for introspection or audit.
  • There is no sessionId/connectionId column in audit event, so queries cannot be grouped by connection, they all seems to be totally independent.

Please consider implementing:

  • system view or table with list of currently opened connections/sessions
  • connection/session name can be explicitly set by user
  • audit logs should contain connection/session id and name

Use case

Inspection of audit logs can give information about specific user and query which was executed by Doris. But it don't give any information about application or script which executed this query, so this becomes hard to track down falling query source.

Related issues

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct
@dolfinus dolfinus added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dolfinus