Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Apache Ranger does not show up audits for HDFS

avatar
Rising Star

Hi there,

In my work place, HDFS plugin for Ranger has been enabled. I created a policy for the source in hdfs /tmp/ranger_test(which has access permission 400 in HDFS). I can see that the policy has been synced in ranger Plugins tab. But, It is not showing up any audit logs and it does not enforce the ranger policy while accessing the directory in hdfs.

For your information, the audit log is enabled.

Don't know the reason why it does not work in the way i expected.

13864-plugin.png

13865-policy.png

13866-policy1.png

13867-policy2.png

13868-policysync.png

No audit logs are displayed in ranger Audit tab. But audit are enable for hdfs to solr.

Please let me know what would be the reason and how to troubleshoot it.

Thanks,

kJ

9 REPLIES 9

avatar

avatar

What version of HDP are you using?

Do you see any error on the hdfs name node?

avatar
Rising Star

Hi vperiasamy and Namit Maheshwari,

Thank you very much for your reply. We are using HDP 2.5.3.

I am not seeing any error. The interesting thing is,

jkris03 is the owner of the directory with permission 400 in HDFS. But, when i tried to copy a file to the directory, it gave error like permission denied. But, the user rkurumb(my colleague) could able to copy file to the directory and i checked with other user(ftam) and he also got permission denied error. Since, there is no audit log, i could not see whether the ranger acl or hadoop acl is being enforced. We use Active Directory and it is synced with Apache Ranger. The group name i have used here is of Active Directory.

avatar

13887-screen-shot-2017-03-17-at-51036-pm.png

can you please check if you configured hdfs in ranger.audit.source.type. it should work after configuring it.

avatar
Rising Star

Hi Deepak,

Thanks for your reply. But, the parameter has already been configured.

For your infor, for hive plugin, it works well(audit source is solr).

But, for hdfs , i can see the log in "Admin" tab if i update the policy and the "Plugin" tab says the policy is synced. But

in the "Access" tab, i am not seeing any audits.

Note that, for the same service(hdfs) , I am seeing audits for other source but not mine(/tmp/ranger_test) .

avatar

ok , sorry i had misunderstood your question, So I think you are seeing audits for some of the hdfs operation on other resource but not for /tmp/ranger_test.

can you please check namenode logs, for the time when you performed operation , was there any error at that time in posting the logs to solr.

avatar
Rising Star

Now, it behaves differently. I updated the same policy. But still getting error while accessing the directory in hdfs. I think, the policy is not enforced. In the updated policy, there is no exclude condition, only the user jkris03 is allowed for the permission. Also, please look at the audits for the same service but the source is different. However, for the source datameer also, the ranger policy is not working, but we can see the audits. But, for my source, It is not displaying the audits too.

13912-audits.png

13910-updatedpolicy.png

13911-error.png

avatar
Rising Star

Hi everyone,

The logs are already displayed in the audits tab. The reason why i could not see is because of the"EventTime". The EventTime and Updated Time are not synced. That's why it is not showing the correct screen(i.e., latest logs). Then,i filtered logs based on source type and i could see my logs. However, I am getting different issue.

Thank you guys for your time.

avatar

EventTime timezone fix is available in Ranger 0.7.0. https://issues.apache.org/jira/browse/RANGER-1249