Using Apache Solr for Ranger Audits
Apache Solr is an open-source enterprise search platform. Apache Ranger can use Apache Solr to store audit logs, and Solr can also to provide a search capability of the audit logs through the Ranger Admin UI.
Important | |
---|---|
Solr must be installed and configured before installing RangerAdmin or any of the Ranger component plugins. |
It is recommended that Ranger audits be written to both Solr and HDFS. Audits to Solr are primarily used to enable search queries from the Ranger Admin UI. HDFS is a long-term destination for audits -- audits stored in HDFS can be exported to any SIEM system, or to another audit store.
Configuration Options
Solr Standalone -- Solr Standalone is only recommended for testing and evaluation. Solr Standalone is a single instance of Solr that does not require ZooKeeper.
SolrCloud -- This is the recommended configuration for Ranger. SolrCloud is a scalable architecture that can run as single node or as a multi-node cluster. It includes features such as replication and sharding, which are useful for high availability (HA) and scalability. With SolrCloud, you need to plan the deployment based on the cluster size.
The following sections describe how to install and configure Apache Solr for Ranger Audits: