Ranger Ambari Installation

Save Audits to Solr

You can save and store Ranger audits to Solr if you have installed and configured the Solr service in your cluster.

It is recommended that Ranger audits be written to both Solr and HDFS. Audits to Solr are primarily used to enable queries from the Ranger Admin UI. HDFS is a long-term destination for audits; audits stored in HDFS can be exported to any SIEM system, or to another audit store.

To save Ranger audits to Solr:

  1. From the Ambari dashboard, select the Ranger service. On the Configs tab, scroll down and select Advanced ranger-admin-site. Set the following property values:

    • ranger.audit.source.type = solr

    • ranger.audit.solr.urls = http://solr_host:6083/solr/ranger_audits

    • ranger.audit.solr.username = ranger_solr

    • ranger.audit.solr.password = NONE

  2. Restart the Ranger service.

  3. After the Ranger service has been restarted, make the required configuration changes for each plugin to ensure that the plugin's data is captured in Solr.

  4. For example, to configure HBase for audits to Solr, perform the following steps:

    • Select the Audit to Solr checkbox in Advanced ranger-hbase-audit.

    • Enable the Ranger plugin for HBase.

    • Restart the HBase component.

  5. Verify that the Ranger audit logs are being passed to Solr by opening one of the following URLs in a web browser:
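
A scripted form of this check, as an added example that is not part of the original documentation: it builds a Solr facet query from the ranger.audit.solr.urls value in step 1 and reports which plugin repositories have no audit documents yet. The `repo` field name, the repository names, and the sample response are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlencode

# Value of ranger.audit.solr.urls from step 1 (solr_host is the page's placeholder).
SOLR_URL = "http://solr_host:6083/solr/ranger_audits"

def facet_query_url(base_url, field="repo"):
    """Build a Solr select URL that returns only per-field document counts."""
    params = {"q": "*:*", "rows": 0, "wt": "json",
              "facet": "true", "facet.field": field, "facet.mincount": 1}
    return base_url.rstrip("/") + "/select?" + urlencode(params)

def audit_counts(solr_json, field="repo"):
    """Return (total, {value: count}) from a Solr facet response.

    Solr's default JSON writer returns facet values as a flat list:
    [value1, count1, value2, count2, ...].
    """
    doc = json.loads(solr_json)
    flat = doc.get("facet_counts", {}).get("facet_fields", {}).get(field, [])
    counts = dict(zip(flat[0::2], flat[1::2]))
    return doc["response"]["numFound"], counts

def silent_repos(solr_json, expected_repos, field="repo"):
    """Repositories whose plugin should audit to Solr but has no documents."""
    _, counts = audit_counts(solr_json, field)
    return sorted(r for r in expected_repos if counts.get(r, 0) == 0)

# Constructed response: HDFS audits arrive, HBase audits do not yet
# (for example, step 4 was skipped or HBase was not restarted).
SAMPLE = json.dumps({
    "responseHeader": {"status": 0},
    "response": {"numFound": 42, "start": 0, "docs": []},
    "facet_counts": {"facet_fields": {"repo": ["cl1_hadoop", 42]}},
})

if __name__ == "__main__":
    print(facet_query_url(SOLR_URL))
    total, counts = audit_counts(SAMPLE)
    print(total, counts)
    print("no audits from:", silent_repos(SAMPLE, ["cl1_hadoop", "cl1_hbase"]))
```

A repository that stays in the "no audits from" list after its component has been restarted and has served requests points to a plugin whose Audit to Solr setting did not take effect.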