Cloudera Community
liuruibnu
user rank
Explorer

Re: Ranger Audit Log (Add filter)

by Super Collaborator in Support Questions
‎01-07-2018 09:04 PM
1 Kudo
‎01-07-2018 09:04 PM
1 Kudo
Hi @Rachel Rui Liu, This can perform this with two solutions. 1. Using the log back filter mechanism, For the Audit logs which has forbidden access -> you can see “result”:1 in the response. Which mean we can configure the log back settings in nifi properties (where as log4j in kafka ). Here I am giving the code snippet for the same ( may need to modify accordingly) <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> <evaluator> <!-- defaults to type ch.qos.logback.classic.boolex.JaninoEventEvaluator --> <expression>return message.contains('"result":1');</expression> </evaluator> <OnMismatch>DENY</OnMismatch> <OnMatch>NEUTRAL</OnMatch> </filter> so your nifi-node-logback-env file will have the following snippet <appender name="RANGER_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${org.apache.nifi.bootstrap.config.log.dir}/ranger_nifi_audit.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> <fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/ranger_nifi_audit_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern> <maxFileSize>100MB</maxFileSize> <maxHistory>30</maxHistory> </rollingPolicy> <immediateFlush>true</immediateFlush> <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> <evaluator> <!-- defaults to type ch.qos.logback.classic.boolex.JaninoEventEvaluator --> <expression>return message.contains('"result":1');</expression> </evaluator> <OnMismatch>DENY</OnMismatch> <OnMatch>NEUTRAL</OnMatch> </filter> <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> <pattern>%date %level [%thread] %logger{40} %msg%n</pattern> </encoder> </appender> in case of log4j that would be regular expression filter <RegexFilter regex=".*\"result\" \: 1.*" onMatch="ACCEPT" onMismatch="DENY"/> More on This can be found at log4j and logback 2. Using the out of the box solution with simple shell script whchi will grep the result:1 lines and remev rest of all on periodic interval sed '/”result”:1/!d' <logfile> Hope this helps !! ... View more

Re: Ambari Create Blueprint -- 405 Method Not Allo...

by Explorer in Support Questions
‎07-28-2017 07:40 AM
‎07-28-2017 07:40 AM
Hi, Jay, thanks for your reply. Problem solved using curl and change the payload a little bit. I followed the instruction documented at, https://cwiki.apache.org/confluence/display/AMBARI/Blueprints And I noticed the difference when I switching the tools. When using Postman, I have to add ":" when trigger the GET request to get blueprint, so my url is like http://testambarihost:8080/api/v1/clusters/:mycluster?format=blueprint And if I change the url to http://testambarihost:8080/api/v1/clusters/mycluster?format=blueprint I will get below exception { "status" : 404, "message" : "The requested resource doesn't exist: Cluster not found, clusterName=mycluster" } When using curl, no ":" is needed, and the post request you've mentioned works. BTW, another modification I found required, the response body I get from step one, I need to manually remove the top level wrapper which wraps the blueprint as array items, after removing the top level wrapper of the body, I can post without issue. ... View more

Re: Issue when upgrade HDF2.1.2 to HDF3.0

by Master Mentor Master Mentor in Support Questions
‎07-06-2017 10:05 AM
‎07-06-2017 10:05 AM
@Rachel Rui Liu Good to know that you are able to run the mpack upgrade file now, Without any issue. If you are not facing any issue now then can you please mark this thread as answered by clicking on the "Accept" link. ... View more
Contact Me
Online
Offline
Last Visited
‎01-07-2018 11:46 PM
Community Statistics
Member Since ‎07-06-2017 08:26 AM
Last Visited ‎01-07-2018 11:46 PM
Posts 9