Enable Ranger KMS Audit
Ranger KMS supports audit to DB, HDFS, and Solr. Solr is well-suited for short-term auditing and UI access (for example, one month of data accessible via quick queries in the Web UI). HDFS is typically used for archival auditing. They are not mutually exclusive; we recommend configuring audit to both Solr and HDFS.
First, make sure Ranger KMS logs are enabled:
Go to the Ambari UI:
http://<gateway>:8080
Select
ranger-kms
from the service.Click the Configs tab, and go to the accordion menu.
In the Advanced ranger-kms-audit list, set
xasecure.audit.is.enabled
to true.Select "Audit to Solr" and/or "Audit to HDFS", depending on which database(s) you plan to use:
Save the configuration and restart the Ranger KMS service.
Next, check to see if the Ranger KMS Plugin is enabled:
Go to the Ranger UI:
http://<gateway>:6080
Login with your keyadmin user ID and password (the defaults are
keyadmin
,keyadmin
). The default repository will be added under KMS service.Run a test connection for the service. You should see a ‘connected successfully’ popup message. If the connection is not successful, make sure that the configured user exists (in KDC for a secure cluster).
Choose the Audit > Plugin tab.
Check whether plugins are communicating. The UI should display
Http Response code 200
for the respective plugin.
The next two subsections describe how to save audit to Solr and HDFS.