Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

On-boarding Ranger Audit logs to SIEM

Labels:
avatar
author-rank madhuriv
New Contributor

Created ‎03-15-2021 11:25 PM

Hello,

 

We are in the process of setting up our Cloudera and would like to request you to provide the steps to Integrate Audit logs from Ranger to SIEM (splunk) systems. Request you to let us know if there are any other services needed on the cluster to get this Integration(other than Ranger). 

 

Thanks a lot.

 

Regards,

Madhuri

2,955 Views
0 Kudos
4 REPLIES 4

avatar
author-rank slambe author-rank
Rising Star

Created ‎03-22-2021 02:27 AM

Hi Madhuri,

 

Streaming Ranger audits to third-party services (other than HDFS, Solr) is still not officially supported. I found this article though, can you check if that helps:
https://my.cloudera.com/knowledge/How-to-send-Ranger-audit-logs-to-log4j-appenders?id=276802

Also, there's a Github page to enable streaming Ranger audits to Kafka topics:

https://github.com/Raghav-Guru/kafka-ranger-audit

Here's an Apache document on steps to enable Audits to a component that has log4j appender:

https://cwiki.apache.org/confluence/display/RANGER/Ranger+0.5+Audit+Configuration#Ranger0.5AuditConf...

2,922 Views
0 Kudos

avatar
author-rank ammukana
New Contributor

Created ‎08-02-2022 06:31 AM

Madhuri, did you get any solution for this .. I am looking for the same audit logs into Splunk.

2,305 Views
0 Kudos

avatar
author-rank pkr author-rank
Contributor

Created ‎08-03-2022 04:38 AM

Hi All,

 

You can check the below article for more details on Configuring Apache ranger to send syslog to a SIEM system:

https://community.cloudera.com/t5/Support-Questions/Configuring-Apache-Ranger-to-send-Syslog-to-a-SI...

 

We officially support two destination location for ranger audits i.e. HDFS & SOLR
Audits to log4j is a community feature and not certified by Cloudera Engineering

 

Other KB reference:
https://my.cloudera.com/knowledge/How-to-send-Ranger-audit-logs-to-log4j-appenders?id=276802

2,282 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎08-08-2022 02:31 AM

@ammukana, did any of the replies helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
2,265 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements