I have installed HDP 2.6 on AWS and got Ranger to audit HDFS,HBase and HIVE activity . I see the logs in the HDFS file and in a log4j sink. But I am missing audit records for "put", "get" and "scan" HBase command I run from the hbase shell. Everything else appears OK. Are those commands excluded from the audit log? I see audit logs for other HBase commands I run on the hbase shell (such as describe) as well as all other activity on HIVE and HDFS. Can I turn on audit log for these commands too?
I found the problem - the port between the region servers and syslogd was blocked. Once I changed the security group, I could see all the audit logs.