You can use Ranger audit filters to control the amount of audit log data collected and
stored on your cluster.
About Ranger audit filters🔗
Ranger audit filters allow you to control the amount of audit log data for each Ranger
service. Audit filters are defined using a JSON string that is added to each service
configuration. The audit filter JSON string is a simplified form of the Ranger policy
JSON. Audit filters appear as rows in the Audit Filter section of the Edit Service view
for each service. The set of audit filter rows defines the audit log policy for the
service. For example, the default audit log policy for the Hadoop SQL service appears in Ranger Admin web UI > Service Manager > Edit Service when you scroll down to Audit Filter.
Audit Filter is checked (enabled) by default. In this example,
the top row defines an audit filter that causes all instances of "access denied" to
appear in audit logs. The lower row defines a filter that causes no metadata operations
to appear in audit logs. These two filters comprise the default audit filter policy for
Hadoop SQL service. Figure 1. Default audit filter policy for the Hadoop SQL service
This site uses cookies and related technologies, as described in our privacy policy, for purposes that may include site operation, analytics, enhanced user experience, or advertising. You may choose to consent to our use of these technologies, or
