Support Questions

Find answers, ask questions, and share your expertise

Ranger is not able to audit and polices are not applied

avatar

ranger-audit.png ranger-screenshot.jpg I have installed HDP 2.4 and installed ranger also i have enabled HDFs plugin and i used the default policy. I have attached the screenshots. Even when i try to access the resource, none of them is audited and stored. i have enabled both DB and HDFS to store the audit information. Am i missing anything?

I do see the json file in the namenode (containing the policy details)

/etc/ranger/arunpoy_hadoop/policycache ranger-auditenable.png

So Ranger policies are not at all applied and i am not able to see the audit.

But other functionalities like usersync are working properly

My guess is i am missing something or is it not working properly

1 ACCEPTED SOLUTION

avatar
Contributor

@ARUNKUMAR RAMASAMY Your ranger-admin-site.xml says that Solr is used as audit source. Since you are not using Solr(?) that might be the reason for you to not see any audit event in the Ranger UI. Did you check your MySQL database directly if audit data is stored there?

View solution in original post

8 REPLIES 8

avatar
Contributor

@ARUNKUMAR RAMASAMY Could you share the config as a file? Also, what the output of "find /usr/hdp -type f -name "*ranger-hdfs-plugin*" on the namenode?

avatar
@Stefan Kupstaitis-Dunkler

This is the output

find /usr/hdp -type f -name "*ranger-hdfs-plugin*"/usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar

ranger-admin-site.xml

avatar
Contributor

@ARUNKUMAR RAMASAMY Your ranger-admin-site.xml says that Solr is used as audit source. Since you are not using Solr(?) that might be the reason for you to not see any audit event in the Ranger UI. Did you check your MySQL database directly if audit data is stored there?

avatar
@Stefan Kupstaitis-Dunkler

No i dont see audit events in either mysql database or in hdfs. But i have not enabled solr at all.

avatar

@Stefan Kupstaitis-Dunkler, you were bang on. I changed the audit source type from solr to db and i see now the audits in the ranger ui. My another question is i dont wantto have all these log data in mysql db (as this will easily occupy the mysql db soon). Instead i want to have it in hdfs, how can i do that. Also if you see my earlier screen shots, i have selected audit to HDFS and DB in the ambari. How is then the audit logs not written to hdfs and how is solr taken as a default value?

avatar
Contributor

@ARUNKUMAR RAMASAMY Cool, glad that I could help. In your case I would restart HDFS services (that's what you probably have done) and Ranger Admin as well. Could you select the answer that helped you most as the "Best Answer"? 🙂

avatar

I have already accepted the answer as the best answer

avatar

@ARUNKUMAR RAMASAMY - Ranger UI will show audit data from either Solr or DB. Since DB support will be deprecated from future releases, you are recommended to move to Solr.

Audit to HDFS is for long term storage and this can be done in addition to Solr.