Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

ashok.dcosta_187920 avatar image
ashok.dcosta_187920 asked ·

Is the commitlog easily read or is it not easily accessible?

Hi,

I wanted to know the commit log thats written to the disk is it easily accessible or is it secured and cannot be read easily ? Also is it encrypted ?

cassandracommitlog
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

2 Answers

Erick Ramirez avatar image
Erick Ramirez answered ·

The contents of the commitlog/ directory (commitlog segments) are not easily accessible to users. You can't just read the contents of the files since they are in binary format and there are no out-of-the-box tools available to parse them.

You can however write a Java app to read the contents similar to the way the CommitLogReader.java and CommitLogReplayer.java does since the code for the reader and for the replayer are open-source. Cheers!

Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

bettina.swynnerton avatar image
bettina.swynnerton answered ·

Hi,

Later versions of Cassandra provide transparent data encryption for commitlog and hints out of the box. To enable, see the following section in the cassandra.yaml (here from Cassandra 3.11.6)

# Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from
# a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by
# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys
# can still (and should!) be in the keystore and will be used on decrypt operations
# (to handle the case of key rotation).
#
# It is strongly recommended to download and install Java Cryptography Extension (JCE)
# Unlimited Strength Jurisdiction Policy Files for your version of the JDK.
# (current link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
#
# Currently, only the following file types are supported for transparent data encryption, although
# more are coming in future cassandra releases: commitlog, hints
transparent_data_encryption_options:
    enabled: false
    chunk_length_kb: 64
    cipher: AES/CBC/PKCS5Padding
    key_alias: testing:1
    # CBC IV length for AES needs to be 16 bytes (which is also the default size)
    # iv_length: 16
    key_provider:
    -   class_name: org.apache.cassandra.security.JKSKeyProvider
        parameters:
        -   keystore: conf/.keystore
            keystore_password: cassandra
            store_type: JCEKS
            key_password: cassandra

Here is the jira that asked for the option to encrypt the commitlog:
https://issues.apache.org/jira/browse/CASSANDRA-6018

Hope this helps!

1 comment Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

ashok.dcosta_187920 avatar image ashok.dcosta_187920 ·

Hello,

Thanks for the information , I was asked in the interview this question whethe the commit log can be read ? What would be the answer fot this ? Is commit log readable ?

0 Likes 0 ·