Hadoop Security Guide

Enable Ranger KMS Audit

Ranger KMS supports audit to DB, HDFS, and Solr. Solr is well-suited for short-term auditing and UI access (for example, one month of data accessible via quick queries in the Web UI). HDFS is typically used for archival auditing. They are not mutually exclusive; we recommend configuring audit to both Solr and HDFS.

First, make sure Ranger KMS logs are enabled:

  1. Go to the Ambari UI: http://<gateway>:8080

  2. Select ranger-kms from the list of services.

  3. Click the Configs tab, and go to the accordion menu.

  4. In the Advanced ranger-kms-audit list, set xasecure.audit.is.enabled to true.

  5. Select "Audit to Solr" and/or "Audit to HDFS", depending on which audit destination(s) you plan to use.

  6. Save the configuration and restart the Ranger KMS service.
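
After the restart, the settings from steps 4 and 5 can be checked in the ranger-kms-audit configuration that Ambari generates. The script below is an added example, not part of the original guide or of Ranger. It assumes the file uses the Hadoop-style configuration XML layout and that the two Ambari checkboxes map to the Ranger properties xasecure.audit.destination.solr and xasecure.audit.destination.hdfs; the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a ranger-kms-audit configuration (Hadoop-style XML).
SAMPLE_XML = """<configuration>
  <property><name>xasecure.audit.is.enabled</name><value>true</value></property>
  <property><name>xasecure.audit.destination.solr</name><value>true</value></property>
  <property><name>xasecure.audit.destination.hdfs</name><value>false</value></property>
</configuration>"""

ENABLED_KEY = "xasecure.audit.is.enabled"  # the property set in step 4
# Assumption: the Ambari checkboxes from step 5 map to these Ranger audit properties.
DESTINATION_KEYS = {
    "Audit to Solr": "xasecure.audit.destination.solr",
    "Audit to HDFS": "xasecure.audit.destination.hdfs",
}

def load_properties(xml_text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def is_true(props, key):
    return props.get(key, "").lower() == "true"

def check_kms_audit(xml_text):
    """Return (active destinations, findings); no findings means both are on."""
    props = load_properties(xml_text)
    findings = []
    if not is_true(props, ENABLED_KEY):
        findings.append(f"{ENABLED_KEY} is not true: Ranger KMS audit is disabled")
    active = [label for label, key in DESTINATION_KEYS.items() if is_true(props, key)]
    if not active:
        findings.append("neither Solr nor HDFS audit is selected")
    elif "Audit to HDFS" not in active:
        findings.append("HDFS audit is off: no archival copy of the audit trail")
    elif "Audit to Solr" not in active:
        findings.append("Solr audit is off: no short-term store for Web UI queries")
    return active, findings

if __name__ == "__main__":
    destinations, findings = check_kms_audit(SAMPLE_XML)
    print("destinations:", destinations or "none")
    for finding in findings:
        print("WARN:", finding)
```

To check a real cluster, pass the contents of the generated ranger-kms-audit file to check_kms_audit instead of SAMPLE_XML.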

Next, check to see if the Ranger KMS Plugin is enabled:

  1. Go to the Ranger UI: http://<gateway>:6080

  2. Log in with your keyadmin user ID and password (the defaults are keyadmin, keyadmin). The default repository will be added under KMS service.

  3. Run a test connection for the service. You should see a ‘connected successfully’ popup message. If the connection is not successful, make sure that the configured user exists (in KDC for a secure cluster).

  4. Choose the Audit > Plugin tab.

  5. Check whether plugins are communicating. The UI should display Http Response code 200 for the respective plugin.

The next two subsections describe how to save audit to Solr and HDFS.