Support Questions

Hello,

I need some assistance / guidance related to Impala Audit & Lineage Logs.

In our cluster I  see Impala Audit Logs (enable_audit_event_log) Un-checked, yet on the node level we see logs getting generated.

[service1@myserver audit]# ls -ltrh
total 215M
-rw-r--r-- 1 impala impala 4.2M May 27 14:45 impala_audit_event_log_1.0-1622078304372
-rw-r--r-- 1 impala impala 3.9M May 27 15:34 impala_audit_event_log_1.0-1622083537006
-rw-r--r-- 1 impala impala 4.3M May 27 16:44 impala_audit_event_log_1.0-1622086468134
-rw-r--r-- 1 impala impala 4.3M May 27 17:18 impala_audit_event_log_1.0-1622090691805
-rw-r--r-- 1 impala impala 4.3M May 27 18:26 impala_audit_event_log_1.0-1622092726630
-rw-r--r-- 1 impala impala 4.2M May 27 20:07 impala_audit_event_log_1.0-1622096799288
-rw-r--r-- 1 impala impala 4.0M May 27 21:17 impala_audit_event_log_1.0-1622102850640
-rw-r--r-- 1 impala impala 3.7M May 28 01:36 impala_audit_event_log_1.0-1622107032783
-rw-r--r-- 1 impala impala 2.7M May 28 14:34 impala_audit_event_log_1.0-1622122581046
-rw-r--r-- 1 impala impala 4.7M May 28 18:17 impala_audit_event_log_1.0-1622169268919
-rw-r--r-- 1 impala impala 4.3M May 28 19:34 impala_audit_event_log_1.0-1622182634220
-rw-r--r-- 1 impala impala 4.3M May 28 20:30 impala_audit_event_log_1.0-1622187283341
-rw-r--r-- 1 impala impala 4.3M May 28 20:58 impala_audit_event_log_1.0-1622190632083
-rw-r--r-- 1 impala impala 4.4M May 28 21:25 impala_audit_event_log_1.0-1622192312991

Could anyone please share some light as to why this is happening? I was under the impression that if this is checked only then logs would get captured, kindly clarify

CM / CDH – 6.3.3

Thanks 

Amn