Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

audit log retention on plugin host before storage (on HDFS or Solr)


audit log retention on plugin host before storage (on HDFS or Solr)



Ranger plugins could send audit logs up to Solr and HDFS storages.

About Solr storage: I except any produced audit log to be sent ASAP up to Solr for storage (so, losing a log looks like here a non-issue).

===> Is it correct ?

About HDFS storage, I have read the following within the HortonWorks docs:

* section "Enabling Audit Logging in Non-Ambari Clusters" => a property "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY" is mentioned, and it is related to "Set the Audit to HDFS caches logs in the local directory"

So, I conclude logs are stored on the plugin host (for a short period of time, as written into the docs) and then, if the plugin host disk crashs, then logs could be lost, couldn't they ?

The doc mentions no info about the period of time after which the logs are sent to HDFS.

===> Does anyone have any hint about this stuff ?

* section "Manually Updating HDFS Audit Settings (for Ambari installs)" => no property


===> What does that mean ? Is there - as above - some log retention on the plugin host for some time ?

How does it work ?


Don't have an account?
Coming from Hortonworks? Activate your account here