Support Questions

eddy28 · ‎08-21-2024

Hi Everyone,

I’m new to Apache Ranger. I’ve created an HDFS policy and configured it to store audit logs in Solr. When I create or delete directories in HDFS, the audit logs are generated and visible in the Ranger UI. However, when I perform operations as the superuser (hdfs), no audit logs are generated.

As shown in below screenshot, rangertest1 and rangertest2 users audit logs are shown on UI. But any operations performed using hdfs user, those logs not going in Audit DB.

Does Ranger not support audit logging for superuser actions?
I have already checked all the configs and there are no exclusions to any user.

Best regards,
Aditya

DianaTorres · ‎08-21-2024

@eddy28 Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Ranger experts @Atahar @vamsi_redd @Puni who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

vats · ‎08-21-2024

@eddy28

If you are performing operations as the superuser (hdfs) and no audit logs are generated, it is likely because the superuser is bypassing the HDFS permissions and Ranger policies. The superuser has administrative privileges and can perform any action in HDFS without being subject to the policies defined in Ranger.

By default, HDFS does not generate audit logs for actions performed by the superuser. If you want to track the activities of the superuser, you can enable audit logging specifically for the superuser.

eddy28 · ‎08-22-2024

Hi @vats ,

Thanks for your quick reply.

I have already tried below steps, but still not able to get audit logs for superuser.
1.) Added Audit filter:-

2.) Gave allow permission in Ranger policy.

Is there anything else I need to follow to enable audit logging specifically for the superuser.

Regards,

Aditya

vats · ‎08-22-2024

@eddy28

To enable audit logging for superuser actions, you need to update the HDFS configuration. Follow these steps:

Open the hdfs-site.xml file in the Hadoop configuration directory ($HADOOP_HOME/etc/hadoop).

Add the following properties to enable audit logging for superuser actions:

<property> <name>dfs.namenode.inode.attributes.provider.class</name> <value>org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer</value> </property> <property> <name>ranger.plugin.hdfs.service.name</name> <value>hadoopdev</value>  </property>

Save the changes and restart the HDFS service for the new configuration to take effect.

With this configuration, the superuser actions should generate audit logs, which will be visible in the Ranger UI alongside other HDFS actions.

Note-Please test this configuration with you uat cluster

eddy28 · ‎08-22-2024

Hi @vats ,
I have tried it, but still no luck.

Regards,

Aditya

vats · ‎08-23-2024

@eddy28

Have you configured this property properly
"<name>ranger.plugin.hdfs.service.name</name> <value>hadoopdev</value>  "
Do you have any exception after configuring the suggested property?

eddy28 · ‎08-23-2024

Hi @vats ,

Yes I have added configs properly. Kindly see the screenshot below:

My service name is also hadoopdev

Regards,

Aditya

Support Questions

In Apache Ranger, Audit logging not working for superuser only