Installing Apache Ranger
Also available as:
PDF

Customize Services: Audit

How to customize the Ranger Audit service when installing Ranger via Ambari.

Apache Ranger uses Apache Solr to store audit logs and provides UI searching through the audit logs. Solr must be installed and configured before installing Ranger Admin or any of the Ranger component plugins. The default configuration for Ranger Audits to Solr uses the shared Solr instance provided under the Ambari Infra service. Solr is both memory and CPU intensive. If your production system has high volume of access requests, make sure that the Solr host has adequate memory, CPU, and disk space.

SolrCloud is the preferred setup for production usage of Ranger. SolrCloud, which is deployed with the Ambari Infra service, is a scalable architecture that can run as a single node or multi-node cluster. It has additional features such as replication and sharding, which is useful for high availability (HA) and scalability. You should plan your deployment based on your cluster size. Because audit records can grow dramatically, plan to have at least 1 TB of free space in the volume on which Solr will store the index data. Solr works well with a minimum of 32 GB of RAM. You should provide as much memory as possible to the Solr process. It is highly recommended to use SolrCloud with at least two Solr nodes running on different servers with replication (CCDR) enabled. SolrCloud also requires Apache ZooKeeper.

It is recommended that you store audits in both HDFS and Solr. The default configuration for Ranger Audits to Solr uses the shared Solr instance provided under the Ambari Infra service. For more information about Audits to Solr, see and Using Apache Solr for Ranger Audits.

  1. On the Customize Services page, select the Ranger Audit tab.
    It is recommended that you store audits in Solr and HDFS. Both of these options are set to ON by default. Solr provides the capability to index and search on the most recent logs while HDFS is used as the more permanent or longer term store. By default, Solr is used to index the preceding 30 days of audit logs.
  2. Under Audit to Solr, turn ON SolrCloud.
    The SolrCloud configuration settings will be loaded automatically.

    Under Ambari > Ranger > Configs > Ranger Audit, turn SolrCloud ON.

“Customize Services: Plugins”