Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Accessing Cloudera Navigator Audit data directly at its source

Accessing Cloudera Navigator Audit data directly at its source

New Contributor

Is there a way to access the Audit event log data that is provided through Cloudera Navigator directly, instead of the Navigator audit reporting tool? I am looking to access this data directly at the source to provide more customization around reporting and querying on this data. 

 

Is there a specific database within MySQL that I should be referencing, or is this data already being stored in HDFS? If it only resides in a MySQL database, I would prefer to set up processes to move that data to HDFS.

 

Thanks,

jw

1 REPLY 1
Highlighted

Re: Accessing Cloudera Navigator Audit data directly at its source

Cloudera Employee

Hello Jwood,

 

The audit sources for the Navigator audit data is as follows:

 

OS File System:

 

Each service has audit data in the OS file system, under the following path:

 

/var/log/<service>/audit

 

For example, the HDFS audit data would be located in the following path:

 

/var/log/hadoop-hdfs/audit

 

From there you would view the "hdfs-audit.log" file.

 

 

MySQL:

 

The audit data is propagated from the aforementioned audit files to Navigator Audit Server's underlying database.

 

The data is located in the following tables:

 

<SERVICENAME>_AUDIT_EVENTS

 

For example, the can find the HBASE, HDFS, and HUE audit data in the following tables:

 

- HBASE_AUDIT_EVENTS
- HDFS_AUDIT_EVENTS
- HUE_AUDIT_EVENTS

Don't have an account?
Coming from Hortonworks? Activate your account here