Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger audit log is empty .... although policy is applied

Solved Go to solution

Ranger audit log is empty .... although policy is applied

Guru

Hello,

I have a fresh installation of HDP2.2.4 including Ranger 0.4

After enabling and configuring HDFS policy, that policy is getting applied, but I have no entries in the Audit=>Access tab of Ranger UI, it is empty, even after waiting for some minutes and triggering several actions. In the Audit=>Agents tab I can see all the HDFS/Hive/HBase agents connected.

Where can I check for issues what is going wrong here ?

Thanks...

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Ranger audit log is empty .... although policy is applied

Guru

Hi @Jonas Straub , Hi @Ramesh Mani ,

I just wanted to update with the solution of that issue. At the end it turned out, that after Ambari upgrade (from 2.0.1 initially to Ambari 2.1.2.1), the placeholder-variables were not set/applied correctly via Ambari. In HDFS => advanced ranger-plugin config there were variables like {{xaaudit_db_XYZ}}, and I replaced those with their real values (xaaudit.db.username, xaaudit.db.database, xaaudit.db.password, ...) , restarted HDFS and now the audit log entries are being written.

Regards, Gerd

5 REPLIES 5

Re: Ranger audit log is empty .... although policy is applied

Make sure the Audit Source is set to DB in Ambari (see Ranger configuration). Also could you check if the database (mysql?) contains any audit entries?

Re: Ranger audit log is empty .... although policy is applied

Guru

Hi @Jonas Straub , thanks for answering.

yep, audit-to-db is marked in HDFS Ranger plugin config, I checked MySQL directly as user 'rangeradmin', but the table xa_access_audit is empty.

These are the settings for Ranger MySQL in Ambari =>

2956-ranger-db-config.png

Re: Ranger audit log is empty .... although policy is applied

Expert Contributor

@Gerd Koening. Check in Ranger -> Config > Advanced ranger-admin-site ranger.audit.source.type = db

Do you see any exception in namenode log related to Ranger Auditing? Also check that the policy is having the audit enabled. Also hdfs operation you are doing should be for the resources which are in the Policy.

Re: Ranger audit log is empty .... although policy is applied

Guru

hi @Ramesh Mani , many thanks.

In my Ambari version(2.1.2.1, Ranger 0.4, HDP2.2.4)) I cannot find that property in Ranger config. There is just "advanced ranger-site" but also there, no property "ranger.audit.source.type".

The only place where I can configure where to log, is the Policy configuration itself, like in HDFS=>advanced ranger-hdfs-plugin-configuration" where I clicked/marked the checkbox "Audit to DB"

The namenode log seems to be the correct hint, there I saw db errors like "connection refused", so I have to investigate into that. I think it is more a mysql problem now, not really a ranger issue....I will catchup on this after after the long weekend...

Highlighted

Re: Ranger audit log is empty .... although policy is applied

Guru

Hi @Jonas Straub , Hi @Ramesh Mani ,

I just wanted to update with the solution of that issue. At the end it turned out, that after Ambari upgrade (from 2.0.1 initially to Ambari 2.1.2.1), the placeholder-variables were not set/applied correctly via Ambari. In HDFS => advanced ranger-plugin config there were variables like {{xaaudit_db_XYZ}}, and I replaced those with their real values (xaaudit.db.username, xaaudit.db.database, xaaudit.db.password, ...) , restarted HDFS and now the audit log entries are being written.

Regards, Gerd

Don't have an account?
Coming from Hortonworks? Activate your account here