Motivation

The main purpose of Doris's audit log module is to record all operations performed in Doris, such as SQL, DDL, DML, etc. And other information about these operations, such as SQL query time, request client ip, etc.

At present, all audit logs are recorded in fe.audit.log of the respective FE. This is not convenient for users to view the audit data. Users need to find the fe.audit.log of each FE to query the logs, and the content of the logs cannot be quickly analyzed.

In this PR #2463 , we implemented the plug-in framework on the FE side, so I want to make the audit module pluggable, so that users can decide how to save the audit log by developing a plug-in.

Implementation

Within Doris, I implemented two audit module plugins:

One is a builtin plugin. The function of this plug-in is the same as that of the previous audit module, which is to record the audit log in fe.audit.log. This module is built-in and immutable to ensure consistency with previous logic.

The other is an optional plugin. This plug-in periodically inserts the audit log into a Doris table specified by the user. In this way, users can conveniently use SQL to query and analyze this audit log table.