hi @Sagar Shimpi I checked "Audit" -> "Plugins" and there I have "Test1_hdfs" as service name ("Test1_hdfs" is my repository name) with "Http Response Code" 200. The "Plugin Id" is "kms@ranger-Test1_hdfs" which I am not sure whether it is correct or not.
Secondly, I also get a message "Connected Successfully" when I try to do "Test Connection".
Attaching the /var/log/ranger/admin/xa_portal.log logs, xa-portal.txt
Also, I can see the logs in /var/log/hadoop/hdfs location in the namenode which means logs are getting stored but not available in the UI.
Thanks again for your reply.
@Pooja Kamle There is some issue with then plugin id it seems. Not sure if thats the right info its displaying. OK, pls follow below steps to debug -
and replace "info" to "debug" for all search with the file and restart ranger.
With Ranger 0.5 you have the possibility to store your audit log in HDFS, DB or Solr. Going forward we are moving away from DB Audit Logs and Solr will be the default/preferred destination for audit logs.
Since you have checked ranger.audit.source.type already, make sure you also enabled "Audit to DB" in your ranger-hdfs-audit configuration (Ambari->HDFS->Config).
Did you check the DB configuration in your ranger config, are the user,db and password correct?
Are policies syncing to the Namenodes of your cluster? (Check via Ranger->Audit->plugins or the Namenodes /etc/ranger/<repository name>/policycache)
Also check your Namenode log (/var/log/hadoop/hdfs/hadoop-hdfs-namenode....log) for errors regarding ranger.
@Jonas Straub: Thanks for your reply. I have checked and "Audit to DB" is enabled. The username and password also seem to be correct. But, this path is empty -> etc/ranger/<repository name>/policycache. There is nothing in policycache. I can see the logs in /var/log/hadoop/hdfs location in the namenode which means logs are getting stored but not available in the UI. Its very odd because I have followed same procedure for HDP 2.2 and Ranger 0.4. And it is all fine. Any suggestions?
First, determine if the issue is at the DB or WebUI level by checking the database directly (to see if audits are actually being captured):
$ mysql -u root use ranger_audit; SELECT * FROM xa_access_audit LIMIT 10;
If you don't see any recent audit data in the table above:
If you can see recent audit data in the table above and just not in the Ranger WebUI:
Let me know how it goes
Hi, @Laurence Da Luz Thanks for your reply.
1. I checked the database as you told and found out that no logs are stored in the "ranger_audit" table because when I query "SELECT * FROM xa_access_audit LIMIT 10" I get output as "Empty set (0.00 sec)"
2. I also checked the db connection and it is defined with hostname and not with "localhost". So, I don't think this is an issue.
3. I also checked the namenode logs in /var/log/hadoop/hdfs location and found out that logs are getting generated as I can see logs in "hdfs-audit.log" file.
4. In the Ranger UI, I cannot see any plugins under Audit->Plugins tab. It says "No plugin found!".
I am attaching 'hadoop-hdfs-namenode-master.log' and 'xa_portal.log' files for your reference.
Also, there is a log file in /var/log/ranger/admin location called 'xa_portal_sql.log'. There I see some NullPointer Exception. Attaching that file also.
Please provide your valuable suggestions if you find what exactly the issue is.