Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

On-boarding Ranger Audit logs to SIEM

New Contributor



We are in the process of setting up our Cloudera and would like to request you to provide the steps to Integrate Audit logs from Ranger to SIEM (splunk) systems. Request you to let us know if there are any other services needed on the cluster to get this Integration(other than Ranger). 


Thanks a lot.





Rising Star

Hi Madhuri,


Streaming Ranger audits to third-party services (other than HDFS, Solr) is still not officially supported. I found this article though, can you check if that helps:

Also, there's a Github page to enable streaming Ranger audits to Kafka topics:

Here's an Apache document on steps to enable Audits to a component that has log4j appender:

New Contributor

Madhuri, did you get any solution for this .. I am looking for the same audit logs into Splunk.


Hi All,


You can check the below article for more details on Configuring Apache ranger to send syslog to a SIEM system:


We officially support two destination location for ranger audits i.e. HDFS & SOLR
Audits to log4j is a community feature and not certified by Cloudera Engineering


Other KB reference:

Community Manager

@ammukana, did any of the replies helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 


Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: