Support Questions
Find answers, ask questions, and share your expertise

Hive audit logs not appearing in ranger. Policies enforced.

Hive audit logs not appearing in ranger. Policies enforced.

Expert Contributor

Hey I'm looking into why my audit logs aren't showing up in solr. (HDP 2.6.3)

The policies are being enforced.

I can see they are being written to hdfs, but also this was an upgrade:

[hdfs@lrdccdhgw01 r00t]$ hdfs dfs -ls /ranger/audit/
Found 4 items
drwx------   - atlas hadoop          0 2018-05-15 09:19 /ranger/audit/atlas
drwx------   - hdfs  hdfs            0 2018-05-15 00:00 /ranger/audit/hdfs
drwx------   - hive  hive            0 2017-10-14 14:06 /ranger/audit/hive2
drwx------   - hive  hive            0 2018-05-15 08:31 /ranger/audit/hiveServer2

This leads me to believe that during the upgrade something was not updated correctly. (Seeing a prevoius hive log no longer being written to.) Here's my Custom ranger-hive-audit settings:

xasecure.audit.destination.solr.force.use.inmemory.jaas.config=true
xasecure.audit.jaas.Client.loginModuleControlFlag=required
xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
xasecure.audit.jaas.Client.option.keyTab=/etc/security/keytabs/hive.service.keytab
xasecure.audit.jaas.Client.option.principal=hive/_HOST@BNGF.LOCAL
xasecure.audit.jaas.Client.option.serviceName=solr
xasecure.audit.jaas.Client.option.storeKey=false
xasecure.audit.jaas.Client.option.useKeyTab=true

What am I missing ? I'd really like to have the audit logs searchable by solr.