Migrating Ranger admin audit logs

This topic describes how to migrate Ranger admin audit logs from the x_trx_log table to the x_trx_log_v2 table.

Starting from Cloudera Runtime 7.3.2.0, Ranger admin audit logs are stored in the x_trx_log_v2 table in the Ranger database. In releases earlier than 7.3.2.0, Ranger admin audit logs were stored in the x_trx_log table in the Ranger database. Hence, if you upgrade to Cloudera Runtime 7.3.2.0 from any previous version and you want to retain your old data, you must migrate the Ranger admin audit logs from the x_trx_log table to the x_trx_log_v2 table.

Perform the following steps to migrate logs from the x_trx_log table to the x_trx_log_v2 table:

After you upgrade your cluster and Ranger is up, log in to Cloudera Manager.
Select the Ranger service, and click Actions > Ranger Admin Transaction Log Migration.
Confirm by clicking Ranger Admin Transaction Log Migration.
The migration process starts.
After the migration is complete, click Close.

Configuration

In case you want to retain the logs for a certain number of days, you can configure the ranger.admin.migrate.transaction_records.retention.days property in Cloudera Manager to do so. By default, the value of this property is -1, which means that all data will be retained. To set a different value for this property, perform the following steps:

Go to Cloudera Manager > Ranger > Configuration.
In Ranger Admin Advanced Configuration Snippet (Safety Valve) for conf/ranger-admin-site.xml, click the + icon and set the following:
- In the Name field, enter ranger.admin.migrate.transaction_records.retention.days.
- In the Value field, enter the number of days.
Click Save Changes.

Limitation

If the migration process takes more than 15 minutes to complete, Cloudera Manager aborts the migration process. In such cases, you need to run the commands multiple times to migrate the entire data. The process restarts the migration again from the point it was aborted.