Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to access fine grained audit logging in CML

avatar
author-rank ChrisPerro
Explorer

Created on ‎05-19-2020 12:22 PM - edited on ‎09-02-2020 03:59 PM by Community Manager Community Manager

CML provides some nice high-level session, model, and experiment auditing. But sometimes a situation arises where you would like audit logs at the level of file modification and user logins. This article provides a quick walkthrough of accessing the underlying RDBMS for this information. This page gives details on the tables and information available. This guide presupposes you are using AWS.


Thanks to @fletch_jeff for the help.

 

Step 1 - Install aws-iam-authenticator

Install according to your OS as per these instructions.

Step 2 - Grab your User ARN

From the command line:

 

 

 

==> aws sts get-caller-identity
{
    "Account": "012345678910", 
    "UserId": "ABBBBBBBBB BXXXXXXXXXX", 
    "Arn": "arn:aws:iam::012345678910:user/cperro"
}

 

 

 

From AWS Console

  1. Open the AWS Console.
  2. Navigate to IAM.
  3. Navigate to Users.
  4. Select your user name.
  5. Copy the ARN.
    Screen Shot 2020-05-19 at 2.15.03 PM.png

 

Step 3 - Add your ARN to your Workspace

  1. Navigate to Machine Learning Workspaces in CDP.
  2. Click on the Options icon (three vertical dots) for your workspace and select the Manage Remote Access option:
    Screen Shot 2020-05-19 at 2.17.07 PM.png
  3. Paste your ARN and click Grant Access.
  4. Click Download Kubeconfig:
    Screen Shot 2020-05-19 at 2.17.07 PM.png

Step 4 - Query the Audit Database

Note: the --kubeconfig file should be the KubeConfig you downloaded in the previous step

 

 

 

#List the tables in the database - interactive shell for db-0 pod in mlx namespace -> execute the psql command with user "sense"
kubectl --kubeconfig ~/Downloads/perro-small-workspace-kubeconfig.yaml exec -it db-0 -n mlx -- psql -P pager=off -U sense -c "\l”

#Show the last 10 user events
kubectl --kubeconfig ~/Downloads/perro-small-workspace-kubeconfig.yaml exec -it db-0 -n mlx -- psql -P pager=off -U sense -c "SELECT id, user_id, event_name, description, created_at FROM user_events order by created_at desc limit 10;

 

 

 

1,020 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements
Version history
Last update:
‎09-02-2020 03:59 PM
Updated by:
Community Manager Community Manager