Cloudera Docs

Configuring Ranger audits to show actual client IP address

How to forward the actual client IP address to audit logs generated from a Ranger plugin.

Ranger audit logs record the IP address through which Ranger policies grant/authorize access. When Ranger is set up behind a Knox proxy server, the proxy server IP address appears in the audit logs generated for each Ranger plugin. You can configure each plugin to forward the actual client IP address on which that service runs, so that the audit logs for that service more specifically reflect access/authorization activity. You must configure each plugin individually. This topic uses the Hive (Hadoop SQL) service as an example.

  1. From Cloudera Manager choose <service_name> > Configuration.
  2. In <service_name> > Configuration > Search, type ranger-plugin, then press Return.
  3. In Ranger Plugin Use X-Forwarded for IP Address, check the box.
  4. In Ranger Plugin Trusted Proxy IP Address, type the IP address of the Knox proxy server host.
    Setting a Ranger Plugin to x-Forwarded for the Knox Proxy Server Address
Hive audit logs will now show the IP address of the host on which Hive service runs.