PLANNED MAINTENANCE

Hello, DataStax Community!

We want to make you aware of a few operational updates which will be carried out on the site. We are working hard to streamline the login process to integrate with other DataStax resources. As such, you will soon be prompted to update your password. Please note that your username will remain the same.

As we work to improve your user experience, please be aware that login to the DataStax Community will be unavailable for a few hours on:

  • Wednesday, July 15 16:00 PDT | 19:00 EDT | 20:00 BRT
  • Thursday, July 16 00:00 BST | 01:00 CEST | 04:30 IST | 07:00 CST | 09:00 AEST

For more info, check out the FAQ page. Thank you for being a valued member of our community.


question

ashok.dcosta_187920 avatar image
ashok.dcosta_187920 asked ·

Is the commitlog easily read or is it not easily accessible?

Hi,

I wanted to know the commit log thats written to the disk is it easily accessible or is it secured and cannot be read easily ? Also is it encrypted ?

cassandracommitlog
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Erick Ramirez avatar image
Erick Ramirez answered ·

The contents of the commitlog/ directory (commitlog segments) are not easily accessible to users. You can't just read the contents of the files since they are in binary format and there are no out-of-the-box tools available to parse them.

You can however write a Java app to read the contents similar to the way the CommitLogReader.java and CommitLogReplayer.java does since the code for the reader and for the replayer are open-source. Cheers!

Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

bettina.swynnerton avatar image
bettina.swynnerton answered ·

Hi,

Later versions of Cassandra provide transparent data encryption for commitlog and hints out of the box. To enable, see the following section in the cassandra.yaml (here from Cassandra 3.11.6)

# Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from
# a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by
# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys
# can still (and should!) be in the keystore and will be used on decrypt operations
# (to handle the case of key rotation).
#
# It is strongly recommended to download and install Java Cryptography Extension (JCE)
# Unlimited Strength Jurisdiction Policy Files for your version of the JDK.
# (current link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
#
# Currently, only the following file types are supported for transparent data encryption, although
# more are coming in future cassandra releases: commitlog, hints
transparent_data_encryption_options:
    enabled: false
    chunk_length_kb: 64
    cipher: AES/CBC/PKCS5Padding
    key_alias: testing:1
    # CBC IV length for AES needs to be 16 bytes (which is also the default size)
    # iv_length: 16
    key_provider:
    -   class_name: org.apache.cassandra.security.JKSKeyProvider
        parameters:
        -   keystore: conf/.keystore
            keystore_password: cassandra
            store_type: JCEKS
            key_password: cassandra

Here is the jira that asked for the option to encrypt the commitlog:
https://issues.apache.org/jira/browse/CASSANDRA-6018

Hope this helps!

1 comment Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hello,

Thanks for the information , I was asked in the interview this question whethe the commit log can be read ? What would be the answer fot this ? Is commit log readable ?

0 Likes 0 · ·