Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Can the ranger audit records that are stored in HDFS be viewed through Ranger Audit UI?

Labels:
avatar
author-rank mamirne
New Member

Created ‎04-05-2016 07:45 PM

Hi,

I have Ranger 0.5.0.2.3 and HDP 2.3.4. In the Ranger configuration, there is option to store the Ranger audit records to HDFS. Is it possible to view the audit records that are stored in HDFS through the Ranger UI?

Is it possible to store the audit records to just in HDFS (No Solr, or DB), if so how to view them and what should I be setting the ranger.audit.source.type property be set to?

Thanks,

Madhavi.

3,334 Views
1 ACCEPTED SOLUTION

avatar
author-rank pminovic author-rank
Master Guru

Created ‎04-05-2016 09:13 PM

Hi @Madhavi Amirneni, Yes, it is possible to store audit records only in HDFS but they cannot be viewed through Ranger UI. The main reason is that search is not supported. To view records in UI, a DB or Solr have to be configured and ranger.audit.source.type set to either db or solr. By the way, audit records in HDFS are stored in text files, as Json objects, see a sample below (audit for HDFS), and can be explored using another tool. The directories are organized by day, for example: /ranger/audit/hdfs/20160404.

{"repoType":1,"repo":"Sandbox_hadoop","reqUser":"oozie","evtTime":"2016-04-04 01:27:05.123","access":"READ_EXECUTE","resource":"/user/oozie/share/lib","resType":"path","result":1,"policy":7,"reason":"/user/oozie/share/lib","enforcer":"ranger-acl","cliIP":"10.0.2.15","agentHost":"sandbox.hortonworks.com","logType":"RangerAudit","id":"49abe678-ffa7-46cd-ba1f-de85368dd88c","seq_num":81811,"event_count":1,"event_dur_ms":0}

View solution in original post

2,713 Views
3 REPLIES 3

avatar
author-rank pminovic author-rank
Master Guru

Created ‎04-05-2016 09:13 PM

Hi @Madhavi Amirneni, Yes, it is possible to store audit records only in HDFS but they cannot be viewed through Ranger UI. The main reason is that search is not supported. To view records in UI, a DB or Solr have to be configured and ranger.audit.source.type set to either db or solr. By the way, audit records in HDFS are stored in text files, as Json objects, see a sample below (audit for HDFS), and can be explored using another tool. The directories are organized by day, for example: /ranger/audit/hdfs/20160404.

{"repoType":1,"repo":"Sandbox_hadoop","reqUser":"oozie","evtTime":"2016-04-04 01:27:05.123","access":"READ_EXECUTE","resource":"/user/oozie/share/lib","resType":"path","result":1,"policy":7,"reason":"/user/oozie/share/lib","enforcer":"ranger-acl","cliIP":"10.0.2.15","agentHost":"sandbox.hortonworks.com","logType":"RangerAudit","id":"49abe678-ffa7-46cd-ba1f-de85368dd88c","seq_num":81811,"event_count":1,"event_dur_ms":0}
2,714 Views

avatar
author-rank mamirne
New Member

Created ‎04-05-2016 10:18 PM

@Predrag Minovic, Thank you for the clarification.

2,713 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎04-05-2016 10:46 PM

@Madhavi Amirneni, if you like the answer please consider to accept and/or upvote it. This is how HCC works: users who ask questions are "awarded" by right answers, users who provide right answers are "awarded" by this upvotes/accepts. Tnx!

2,713 Views
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements