Non-Ambari Cluster Installation Guide

Enabling Audit Logging for HDFS and Solr

The Ranger service lets you enable audit logging for HDFS and/or Solr databases, which can be very helpful for maintaining and querying audit data once it grows to a significant amount.

To enable auditing for HDFS, perform the steps listed below.

  1. Set the XAAUDIT.HDFS.ENABLE value to "true" for the component plug-in in the install.properties file, which can be found here:

    /usr/hdp/<version>/ranger-<component>-plugin
  2. Configure the NameNode host in the XAAUDIT.HDFS.HDFS_DIR field.

  3. Create a policy in the HDFS service from the Ranger Admin that gives the individual component users (hive/hbase/knox/storm/yarn/kafka/kms) READ and WRITE permissions for the audit folder. For example, to enable the Hive component to log audits to HDFS, you need to create a policy for the hive user with READ and WRITE permissions for the audit directory.

  4. Audit to HDFS caches logs in a local directory, which is specified in XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY (this can be like /var/log/<component>/**). This is the path where the audit is stored for a short time. The setting for archive logs needs to be updated in a similar way.

To enable audit reporting from the Solr database, perform the steps listed below.

  1. Modify the following properties in the Ranger service install.properties to enable auditing to the Solr database in Ranger:

    • audit_store=solr

    • audit_solr_urls=http://solr_host:6083/solr/ranger_audits

    • audit_solr_user=ranger_solr

    • audit_solr_password=NONE

  2. Restart Ranger.

To enable auditing to the Solr database for a plug-in (e.g., HBase), perform the steps listed below.

  1. Set the following properties in install.properties of the plug-in to begin audit logging to the Solr database:

    • XAAUDIT.SOLR.IS.ENABLED=true

    • XAAUDIT.SOLR.ENABLE=true

    • XAAUDIT.SOLR.URL=http://solr_host:6083/solr/ranger_audits

    • XAAUDIT.SOLR.USER=ranger_solr

    • XAAUDIT.SOLR.PASSWORD=NONE

    • XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool

  2. Enable the Ranger HBase plug-in.

  3. Restart the HBase component.
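
A check for the plug-in audit properties set in the steps above, as an added example that is not part of the original guide or of Ranger. It assumes install.properties can be read as plain KEY=VALUE lines; the function names and the sample file contents are constructed for illustration.

```python
# Keys come from the steps above; a value of None means "any non-empty value".
SOLR_REQUIRED = {
    "XAAUDIT.SOLR.IS.ENABLED": "true",
    "XAAUDIT.SOLR.ENABLE": "true",
    "XAAUDIT.SOLR.URL": None,
    "XAAUDIT.SOLR.USER": None,
    "XAAUDIT.SOLR.PASSWORD": None,
    "XAAUDIT.SOLR.FILE_SPOOL_DIR": None,
}
HDFS_REQUIRED = {
    "XAAUDIT.HDFS.ENABLE": "true",
    "XAAUDIT.HDFS.HDFS_DIR": None,
    "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": None,
}

# Constructed sample: auditing switched off on one line, "=" mistyped on another.
SAMPLE = """\
XAAUDIT.SOLR.IS.ENABLED=true
XAAUDIT.SOLR.ENABLE=false
XAAUDIT.SOLR.URL=http://solr_host:6083/solr/ranger_audits
XAAUDIT.SOLR.USER-ranger_solr
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool
"""

def check_audit(text, required):
    """Return a list of findings; an empty list means every key is set."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            findings.append(f"line {n}: not KEY=VALUE: {line}")
            continue
        settings[key.strip()] = value.strip()
    for key, want in required.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key} is missing")
        elif want is None and not got:
            findings.append(f"{key} is empty")
        elif want is not None and got.lower() != want:
            findings.append(f"{key}={got}, expected {want}")
    return findings

if __name__ == "__main__":
    for finding in check_audit(SAMPLE, SOLR_REQUIRED):
        print(finding)
```

Run it against each plug-in's install.properties before enabling the plug-in; a key reported as missing next to a "not KEY=VALUE" line usually means the separator was mistyped.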