Support Questions

Find answers, ask questions, and share your expertise

Ranger logs UI?

avatar
Explorer

Hello, I am from cloudera background recently moved to Hortonworks platform. I am trying to find if we have a UI like cloudera navigator in Hortonworks. My requirement is to audit the Ranger logs, check "

logs related to a db accesed, by , when who, denied, last accssed " etc.

1 ACCEPTED SOLUTION

avatar
Rising Star

Hi @sbx hadoop, Ranger provides an excellent auditing functionality that can be accessed easily through Ranger UI.

After logging into ranger UI, click on Audit link from top global menu and then click on access tab.

The resource access related logs are found here. Pls note the access logs will be generated only if the Ranger plugin for that component is enabled and working fine.

This page shows you the following:

Date and time at which the resource access was attempted, user which tried to access the resource, service to which the resource belongs and whose policies come into play, Resource name and type (Ex: type = column-family if the operation was related to hbase col family ), Access Type [Eg: get for hbase], Result - Allowed/ Denied, Access Enforcer=ranger-acl/ hadoop-acl, and the policy which granted access.

In case of Access Enforcer=ranger-acl and result=denied, the policy-id field will show a '--' which means that the user didn't have any Ranger policy for that resource and so the access was denied.

In case of Access Enforcer=ranger-acl and result=allowed, the policy-id field will show the policy-id link, which means that the user had access to the resource through that particular policy. Clicking on the link will show you the policy details.

Also the search feature helps you in streamlining your search by entering various search inputs.

Hope this helps.

View solution in original post

2 REPLIES 2

avatar
Expert Contributor

@sbx hadoop

You can access the Audit logs through the Ranger UI. The logs are stored in Solr (Ambari Infra), so you are able to apply a filter and search conditions to the logs. The search conditions include Result (Denied/Allowed, Date, User, IP, Component, Access Type, Tag, etc.).

screen-shot-2017-03-22-at-150306.png

avatar
Rising Star

Hi @sbx hadoop, Ranger provides an excellent auditing functionality that can be accessed easily through Ranger UI.

After logging into ranger UI, click on Audit link from top global menu and then click on access tab.

The resource access related logs are found here. Pls note the access logs will be generated only if the Ranger plugin for that component is enabled and working fine.

This page shows you the following:

Date and time at which the resource access was attempted, user which tried to access the resource, service to which the resource belongs and whose policies come into play, Resource name and type (Ex: type = column-family if the operation was related to hbase col family ), Access Type [Eg: get for hbase], Result - Allowed/ Denied, Access Enforcer=ranger-acl/ hadoop-acl, and the policy which granted access.

In case of Access Enforcer=ranger-acl and result=denied, the policy-id field will show a '--' which means that the user didn't have any Ranger policy for that resource and so the access was denied.

In case of Access Enforcer=ranger-acl and result=allowed, the policy-id field will show the policy-id link, which means that the user had access to the resource through that particular policy. Clicking on the link will show you the policy details.

Also the search feature helps you in streamlining your search by entering various search inputs.

Hope this helps.