Configuring Ranger audit properties for Solr
How to change the default time settings that control how long Ranger keeps audit data collected by Solr.
The Solr audit destination is intended to store short term audit records .You can
configure parameters that control how much data collected by Solr that Ranger will
store for auditing purposes.
Parameter Name | Description | Default Setting | Units |
---|---|---|---|
ranger.audit.solr.config.ttl |
Time To Live for Solr Collection of Ranger Audits |
90 | days |
ranger.audit.solr.config.delete.trigger | Auto Delete Period in seconds for Solr Collection of Ranger Audits for expired documents | 1 | days (configurable) |
- From Cloudera Manager choose .
- In Search, type ranger.audit.solr.config, then press Return.
- In ranger.audit.solr.config.ttl, set the the number of days to keep audit data.
- In ranger.audit.solr.config.delete.trigger set the number and units (days, minutes, hours, or seconds) to keep data for expired documents
-
Refresh the configuration:
- Click Refresh Configuration, as prompted.
- In Actions, click Update Solr config-set for Ranger, then confirm.
Limiting solr spool directory growth
To limit stored audit logs, you may set a maximum limit on the solr spool directory size for each service.
- Manually delete the logs under the archive path for the service.
-
Set the log retention value of the archive path from default 100 to 2
.
- Restart the service.