Support Questions

arunpoy · ‎03-18-2016

ranger-audit.png ranger-screenshot.jpg I have installed HDP 2.4 and installed ranger also i have enabled HDFs plugin and i used the default policy. I have attached the screenshots. Even when i try to access the resource, none of them is audited and stored. i have enabled both DB and HDFS to store the audit information. Am i missing anything?

I do see the json file in the namenode (containing the policy details)

/etc/ranger/arunpoy_hadoop/policycache ranger-auditenable.png

So Ranger policies are not at all applied and i am not able to see the audit.

But other functionalities like usersync are working properly

My guess is i am missing something or is it not working properly

condla · ‎03-20-2016

@ARUNKUMAR RAMASAMY Your ranger-admin-site.xml says that Solr is used as audit source. Since you are not using Solr(?) that might be the reason for you to not see any audit event in the Ranger UI. Did you check your MySQL database directly if audit data is stored there?

View solution in original post

condla · ‎03-18-2016

@ARUNKUMAR RAMASAMY Could you share the config as a file? Also, what the output of "find /usr/hdp -type f -name "*ranger-hdfs-plugin*" on the namenode?

arunpoy · ‎03-18-2016

@Stefan Kupstaitis-Dunkler

This is the output

find /usr/hdp -type f -name "*ranger-hdfs-plugin*"/usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar

/usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar

ranger-admin-site.xml

condla · ‎03-20-2016

@ARUNKUMAR RAMASAMY Your ranger-admin-site.xml says that Solr is used as audit source. Since you are not using Solr(?) that might be the reason for you to not see any audit event in the Ranger UI. Did you check your MySQL database directly if audit data is stored there?

arunpoy · ‎03-21-2016

@Stefan Kupstaitis-Dunkler

No i dont see audit events in either mysql database or in hdfs. But i have not enabled solr at all.

arunpoy · ‎03-21-2016

@Stefan Kupstaitis-Dunkler, you were bang on. I changed the audit source type from solr to db and i see now the audits in the ranger ui. My another question is i dont wantto have all these log data in mysql db (as this will easily occupy the mysql db soon). Instead i want to have it in hdfs, how can i do that. Also if you see my earlier screen shots, i have selected audit to HDFS and DB in the ambari. How is then the audit logs not written to hdfs and how is solr taken as a default value?

condla · ‎03-21-2016

@ARUNKUMAR RAMASAMY Cool, glad that I could help. In your case I would restart HDFS services (that's what you probably have done) and Ranger Admin as well. Could you select the answer that helped you most as the "Best Answer"? 🙂

arunpoy · ‎03-21-2016

I have already accepted the answer as the best answer

vperiasamy · ‎03-22-2016

@ARUNKUMAR RAMASAMY - Ranger UI will show audit data from either Solr or DB. Since DB support will be deprecated from future releases, you are recommended to move to Solr.

Audit to HDFS is for long term storage and this can be done in addition to Solr.

Cloudera Community

Support Questions

Ranger is not able to audit and polices are not applied

How HDFS Apply Ranger Policies

How Ranger Audit Works

Re: Solr TTL - Auto-Purging Solr Documents & Range...

Modifying Ranger Audit Solr Config

Ranger audit log event summarization

Ranger audit log for Stream Messaging Manager serv...

Ranger Audit in Hive Table - a sample approach

Restore backup ranger audits to new collection

Ranger policies not getting applied on groups

Ranger audit log is empty .... although policy is ...