Created on 09-27-2017 08:47 AM
Since Ranger 0.5 there has been the ability to summarize audit events that differ only by timestamp to reduce the amount of events logged in a busy system. When enabled, if a Ranger plugin logs consecutive audit events that differ only by timestamp it will coalesce all such events in to a single event and set 'event_count' to the number of events logged and 'event_dur_ms' to the time difference in milliseconds between the first and last event.
To enable this feature you must set the following properties in the Ranger plugin's configuration:
Configuration name | Notes |
xasecure.audit.provider.summary.enabled |
|
xasecure.audit.provider.queue.size |
|
xasecure.audit.provider.summary.interval.ms |
|
Summarization Batch size |
|
More details can be found here: Ranger 0.5 Audit log summarization
User | Count |
---|---|
758 | |
379 | |
316 | |
309 | |
268 |