Configuring Service Auditing Properties
Each service (with exceptions noted) that supports auditing has the following properties:
- Enable Audit Collection - See Enabling Audit Collection and Enabling Solr Auditing.
- Audit Log properties - See Configuring Audit Logs and Configuring Impala Daemon Logging.
- Audit Event Filter - A set of rules that capture properties of auditable events and actions to be performed when an event matches those properties. The
Cloudera Manager Agent uses this property to filter events out before they are sent to Cloudera Navigator. The default filter settings discard the following events:
- HDFS - generated by the internal Cloudera and Hadoop users (cloudera-scm, hdfs, hbase, hive, impala, mapred, solr, spark, and dr.who), events generated by the hdfs user running the listStatus, listCachePools, listCacheDirectives, and getfileinfo operations, and that affect files in the /tmp directory.
- HBase - that affect the -ROOT-, .META., and acl tables
- Hive - generated by Hive MapReduce jobs in the /tmp directory
- Impala, Solr, Solr, Navigator Metadata Server- no default filter.
- Audit Event Tracker - A set of rules for tracking and coalescing events. This feature is used to define equivalency between different audit events. Tracking works by keeping a reference to events when they first appear, and comparing other incoming events against the tracked events according to the rules defined. When events match, according to a set of configurable parameters, only one entry in the audit list is generated for all the matching events. This property is not supported for the Navigator Metadata Server.
- Audit Queue Policy - The action to take when the audit event queue is full. The options are Drop or Shutdown. When a queue is full and the queue policy of
the service is Shutdown, before shutting down the service, N audits will be discarded, where N is the size of the Cloudera Navigator Audit Server queue.
Note: If the queue policy is Shutdown, the Impala service is shut down only if Impala is unable to write to the audit log file. It is possible that an event may not appear in the audit event log due to an error in transfer to the Cloudera Manager Agent or database. In such cases Impala will not shut down and will keep writing to the log file. When the transfer problem is fixed the events will be transferred to the database.This property is not supported for Hue or the Navigator Metadata Server.
The Audit Event Filter and Audit Event Tracker rules for filtering and coalescing events are expressed as JSON objects. You can edit these rules using a rule editor:
or in a JSON text field:
For information on the structure of the objects, and the properties for which you can set filters, display the description on the configuration page as follows:
- In the Cloudera Manager Admin Console, go to a service that supports auditing.
- Click the Configuration tab.
- Select .
- Select category.
- In Audit Event Tracker row, click . For example, the Hive
properties are:
- userName: the user performing the action.
- ipAddress: the IP from where the request originated.
- operation: the Hive operation being performed.
- databaseName: the databaseName for the operation.
- tableName: the tableName for the operation.
Configuring Service Auditing Properties
To configure service and role auditing properties, perform the procedure below. In addition, for Impala and Solr auditing, perform the steps in Configuring Impala Daemon Logging and Enabling Solr Auditing and for all services perform the steps in Configuring Audit Logs.- Do one of the following:
- Service - Go to a supported service.
- Navigator Metadata Server
- Do one of the following:
- Select .
- On the Cloudera Management Service table, click the Cloudera Management Service link. tab, in
- Do one of the following:
- Click the Configuration tab.
- Select the scope according to the service or role:
- All services - .
- Navigator Metadata Server - .
- Select category.
- Edit the properties.
- Click Save Changes to commit the changes.
- Restart the service.
Page generated July 8, 2016.
<< Configuring Service Audit Collection and Log Properties | ©2016 Cloudera, Inc. All rights reserved | Publishing Audit Events >> |
Terms and Conditions Privacy Policy |