Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Super Collaborator

This article will help to configure the ranger audit logs to be written into flat file system.

some users don't want to use solr to reduce the hardware and software footprints, such cases it will help to write and debug, at the same time this can coexists with solr

NiFi is log consolidation done by Logback, hence we need to make the following changes to logback configuration.

To enable the ranger audits :

in Advanced-nifi-ranger-audit section make the flowing parameters values to,

xasecure.audit.destination.log4j=true
xasecure.audit.destination.log4j.logger=ranger.audit 

To capture the logs generated by the logger, configure the logback (same as nifi-app module logger).

In Advanced nifi-node-logback-env at add the following content logback.xml template

<appender name="RANGER_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${org.apache.nifi.bootstrap.config.log.dir}/ranger_nifi_audit.log</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
            <fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/ranger_nifi_audit_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern>
            <maxFileSize>100MB</maxFileSize>
            <maxHistory>30</maxHistory>
        </rollingPolicy>
        <immediateFlush>true</immediateFlush>
        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
            <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
        </encoder>
</appender>
 
<logger name="ranger.audit" level="INFO" additivity="false">
            <appender-ref ref="RANGER_AUDIT"/>
</logger>

sample output:

sample output:
[centos@projecthdfm1 nifi]$ cat ranger_nifi_audit.log
2017-09-08 03:37:47,475 INFO [org.apache.ranger.audit.queue.AuditBatchQueue1] ranger.audit {"repoType":10,"repo":"hdf_clstr_nifi","reqUser":"aaaaaaaa","evtTime":"2017-09-08 03:37:46.699","access":"READ","resource":"/flow","resType":"nifi-resource","action":"READ","result":1,"policy":1,"enforcer":"ranger-acl","cliIP":"999.999.999.999","agentHost":"aaaaaa.bbbbb.example.com","logType":"RangerAudit","id":"0efc4a0d-f634-42c0-9616-5d8298a92892-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[]}
2017-09-08 03:38:41,443 INFO [org.apache.ranger.audit.queue.AuditBatchQueue1] ranger.audit {"repoType":10,"repo":"hdf_clstr_nifi","reqUser":"admin","evtTime":"2017-09-08 03:38:39.121","access":"READ","resource":"/flow","resType":"nifi-resource","action":"READ","result":1,"policy":1,"enforcer":"ranger-acl","cliIP":"999.999.999.999","agentHost":"aaaaa.bbbbb.example.com","logType":"RangerAudit","id":"0efc4a0d-f634-42c0-9616-5d8298a92892-1","seq_num":3,"event_count":1,"event_dur_ms":0,"tags":[]}
2017-09-08 03:49:26,549 INFO [org.apache.ranger.audit.queue.AuditBatchQueue1] ranger.audit {"repoType":10,"repo":"hdf_clstr_nifi","reqUser":"someotheruser","evtTime":"2017-09-08 03:49:25.942","access":"READ","resource":"/flow","resType":"nifi-resource","action":"READ","result":0,"policy":-1,"enforcer":"ranger-acl","cliIP":"999.999.999.999","agentHost":"xxxxx.yyyy.example.com","logType":"RangerAudit","id":"0efc4a0d-f634-42c0-9616-5d8298a92892-2","seq_num":5,"event_count":1,"event_dur_ms":0,"tags":[]}

*host names and IP address masked
690 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎09-08-2017 08:56 AM
Updated by:
 
Contributors
Top Kudoed Authors