nodetool cidrfilteringstats
Displays CIDR filtering statistics for the node.
Synopsis
nodetool [connection_options] cidrfilteringstats
Description
nodetool cidrfilteringstats displays statistics about CIDR-based filtering on the node. CIDR filtering allows restricting client connections based on IP address ranges, providing network-level access control for the Cassandra cluster.
This command shows metrics about CIDR authorization checks, cache performance, and filtering decisions.
Output Fields
| Field | Description |
|---|---|
| Total Checks | Total number of CIDR authorization checks performed |
| Allowed | Number of connections allowed by CIDR rules |
| Denied | Number of connections denied by CIDR rules |
| Cache Hits | Number of authorization results served from cache |
| Cache Misses | Number of authorization checks requiring full evaluation |
Examples
Basic Usage
nodetool cidrfilteringstats
Sample output:
CIDR Filtering Statistics:
Total Checks: 15432
Allowed: 14891
Denied: 541
Cache Hits: 14200
Cache Misses: 1232
When to Use
Monitor Access Control
# Check CIDR filtering activity
nodetool cidrfilteringstats
Use this command to:
- Monitor connection authorization patterns
- Identify potential unauthorized access attempts
- Verify CIDR rules are working as expected
- Assess cache efficiency for authorization checks
Security Auditing
# Regular security monitoring
nodetool cidrfilteringstats
Track denied connections to detect potential security issues or misconfigured clients.
Best Practices
Monitoring Guidelines
- Baseline metrics - Establish normal patterns for allowed/denied ratios
- Alert on anomalies - Monitor for unusual spikes in denied connections
- Cache efficiency - High cache hit rates indicate efficient authorization
- Regular review - Periodically review filtering statistics for security compliance
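The baseline and spike-alert guidelines above, as an added example (not part of the Cassandra documentation or tooling): a shell script that parses two snapshots in the layout of the sample output on this page, then computes the denied share for the interval between them and the cache hit rate. Both snapshots and the 10% threshold are constructed, and treating the counters as cumulative is an assumption.

```shell
#!/bin/sh
# Added example. Assumes the output layout of the sample output on this page
# and that the counters are cumulative. Both snapshots below are constructed.
SNAP_OLD='CIDR Filtering Statistics:
Total Checks: 15432
Allowed: 14891
Denied: 541
Cache Hits: 14200
Cache Misses: 1232'
SNAP_NEW='CIDR Filtering Statistics:
Total Checks: 16432
Allowed: 15491
Denied: 941
Cache Hits: 15100
Cache Misses: 1332'

# stat_field SNAPSHOT NAME: print the integer after "NAME:", nothing if absent.
stat_field() {
    printf '%s\n' "$1" | awk -F': *' -v key="$2" '
        { sub(/^[ \t]+/, "", $1) }
        $1 == key && $2 ~ /^[0-9]+[ \t\r]*$/ { print $2 + 0; exit }'
}

# denied_pct_between OLD NEW: percent of checks denied between two snapshots.
# Returns 2 if a field is missing, 3 if counters went backwards or did not move.
denied_pct_between() {
    t0=$(stat_field "$1" "Total Checks"); t1=$(stat_field "$2" "Total Checks")
    d0=$(stat_field "$1" "Denied");       d1=$(stat_field "$2" "Denied")
    [ -n "$t0" ] && [ -n "$t1" ] && [ -n "$d0" ] && [ -n "$d1" ] || return 2
    [ "$t1" -gt "$t0" ] && [ "$d1" -ge "$d0" ] || return 3
    awk -v d="$((d1 - d0))" -v t="$((t1 - t0))" 'BEGIN { printf "%.1f\n", 100 * d / t }'
}

# cache_hit_pct SNAPSHOT: lifetime cache hit rate in percent.
cache_hit_pct() {
    h=$(stat_field "$1" "Cache Hits"); m=$(stat_field "$1" "Cache Misses")
    [ -n "$h" ] && [ -n "$m" ] && [ "$((h + m))" -gt 0 ] || return 2
    awk -v h="$h" -v m="$m" 'BEGIN { printf "%.1f\n", 100 * h / (h + m) }'
}

# check_denied_spike OLD NEW THRESHOLD_PCT: returns 1 and prints ALERT when the
# interval denied share exceeds the threshold (threshold is site-specific).
check_denied_spike() {
    pct=$(denied_pct_between "$1" "$2") || { echo "UNKNOWN: unusable snapshots"; return 2; }
    if awk -v p="$pct" -v th="$3" 'BEGIN { exit !(p > th) }'; then
        echo "ALERT: ${pct}% of checks denied since last snapshot (> ${3}%)"; return 1
    fi
    echo "OK: ${pct}% of checks denied since last snapshot"
}

check_denied_spike "$SNAP_OLD" "$SNAP_NEW" 10 || true
echo "cache hit rate: $(cache_hit_pct "$SNAP_NEW")%"
```

In a scheduled job, replace the two constructed snapshots with the previous and current output of nodetool cidrfilteringstats saved to disk, and set the threshold from your own baseline.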
CIDR Filtering Requirements
CIDR filtering requires proper configuration in cassandra.yaml:
- cidr_authorizer must be configured
- CIDR groups must be defined
- Role-to-CIDR mappings must be established
Related Commands
| Command | Relationship |
|---|---|
| listcidrgroups | List defined CIDR groups |
| getcidrgroupsofip | Find CIDR groups for an IP |
| updatecidrgroup | Modify CIDR groups |
| dropcidrgroup | Remove CIDR groups |
| invalidatecidrpermissionscache | Clear CIDR cache |
| reloadcidrgroupscache | Reload CIDR groups |