Support Questions

Find answers, ask questions, and share your expertise

does Ranger audit itself ?

avatar
Explorer

Hi,

Ranger collects audit log through its plugins.

Does Ranger audit itself also?

I mean: does Ranger produce an audit log when an admin account is, for example, creating a new user, or is modifying associated role?

More generally, are all admin tasks through Ranger UI producing an audit log?

Thanks

1 ACCEPTED SOLUTION

avatar

Hi @Dominique De Vito,

Yes it does. If you then click on the action 'Update' It will show you what was updated. In this example below. Users was empty and now it has the user HTTP. Hope this is what you were looking for.

62944-screen-shot-2018-03-16-at-90712-am.png

62945-screen-shot-2018-03-16-at-90849-am.png

View solution in original post

4 REPLIES 4

avatar
Explorer

Well, AFAIR now, Ranger audits itself for some features

--- Ranger KMS is producing its own audit logs as the HDP docs say:

7.1.3. Enable Ranger KMS Audit
Ranger KMS supports audit to DB, HDFS, and Solr. Solr is well-suited for short-term auditing and UI access (for example, one month of data accessible via quick queries in the Web UI). HDFS is typically used for archival auditing. They are not mutually exclusive; we recommend configuring audit to both Solr and HDFS.

--- And whenever, a "admin" user makes some user profile modifications, Ranger Admin Console stores some trace.

--- And a trace is written too when a user (whatever he/she is) connects to Ranger Admin Console.

All these last 2 kinds of traces could be displayed through the Ranger Admin Console "Audit" feature.

But, does Ranger write any trace for all the resource-based policy modifications ? I don't know.

If anyone has a clue, and want to share it, thanks.

avatar
Expert Contributor

Hi Dominique,
Yes it does audit policy change/update, and logins.
hope this answer your question.

avatar

Hi @Dominique De Vito,

Yes it does. If you then click on the action 'Update' It will show you what was updated. In this example below. Users was empty and now it has the user HTTP. Hope this is what you were looking for.

62944-screen-shot-2018-03-16-at-90712-am.png

62945-screen-shot-2018-03-16-at-90849-am.png

avatar
Explorer

@dvillarreal oops, I have missed that ones.

Thanks for pointing me policy change/update traces/audits.