
Do we have a Ranger 0.5 DB Schema defined somewhere?

avatar
Expert Contributor

Audit logs stored in the Ranger Audit DB need to be piped to a SIEM system. I need to know which table(s) I can query to pull failed policies (i.e., "Denied" access). This information will eventually be pushed to the SIEM.


avatar
Master Mentor

@rgarcia

The Audit Database has only 1 table that stores all the information. Check through the MySQL CLI (assuming it's MySQL).

example:

select client_ip,repo_name,session_id,event_time,request_user,action,request_data,resource_path from xa_access_audit;
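
For the SIEM feed asked about in this thread, an added example (not part of the original thread and not Ranger's own code) that pulls only denied rows incrementally and emits one JSON line per event. The `id` and `access_result` columns (0 = denied) are assumptions not shown in the query above, and an in-memory SQLite table with constructed rows stands in for the MySQL audit DB:

```python
import json
import sqlite3

# Columns come from the reply above, plus two assumptions: `id` (auto-increment
# key) and `access_result` (0 = denied, 1 = allowed). Confirm both with
# DESCRIBE xa_access_audit. A MySQL driver uses %s placeholders instead of ?.
DENIED_SQL = """
SELECT id, event_time, request_user, client_ip, repo_name,
       action, resource_path, request_data
FROM xa_access_audit
WHERE access_result = 0 AND id > ?
ORDER BY id
LIMIT ?
"""

def pull_denied(conn, last_id, batch=500):
    """Return (events, new_checkpoint) for denied rows with id > last_id."""
    cur = conn.execute(DENIED_SQL, (last_id, batch))
    cols = [c[0] for c in cur.description]
    events = [dict(zip(cols, row)) for row in cur.fetchall()]
    return events, (events[-1]["id"] if events else last_id)

def to_siem_lines(events):
    """One JSON object per line; json.dumps escapes newlines in request_data."""
    return [json.dumps({"source": "ranger_audit", "outcome": "denied", **e},
                       sort_keys=True) for e in events]

def demo_db():
    """Constructed sample rows in an in-memory stand-in for the audit DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE xa_access_audit (
        id INTEGER PRIMARY KEY, event_time TEXT, request_user TEXT,
        client_ip TEXT, repo_name TEXT, action TEXT, resource_path TEXT,
        request_data TEXT, access_result INTEGER)""")
    conn.executemany(
        "INSERT INTO xa_access_audit VALUES (?,?,?,?,?,?,?,?,?)",
        [(1, "2015-11-02 10:00:01", "alice", "10.0.0.5", "cl1_hadoop", "read", "/data/hr", None, 1),
         (2, "2015-11-02 10:00:07", "bob", "10.0.0.9", "cl1_hadoop", "write", "/data/hr", None, 0),
         (3, "2015-11-02 10:01:30", "bob", "10.0.0.9", "cl1_hive", "select", "hr/salaries", "select *\nfrom salaries", 0)])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    events, checkpoint = pull_denied(conn, last_id=0)
    print("\n".join(to_siem_lines(events)))
    print("next checkpoint:", checkpoint)
```

Persist the returned checkpoint between runs so each poll forwards only rows the SIEM has not yet seen.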


avatar

An extra comment with an attachment because I was limited to 2 attachments in my original answer 🙂 Note that this was derived from an instance of HDP 2.2.4 with Ranger 0.4 but should translate over to Ranger 0.5 on HDP 2.3.

avatar
Master Mentor

@Brandon Wilson Very nice! I think it should be in an official blog or docs. @bganesan @bdurai

avatar
Rising Star

@Brandon Wilson Very nice. @Neeraj Sabharwal We are moving away from storing audits in the DB; we need to guide customers to get audits from HDFS.

avatar
Rising Star

@rgarcia Why not pipe the data from HDFS, assuming audit is being written to HDFS as well?