Auditing

Ranger auditing is managed on a per-cluster basis. Ranger plugins log the audit details to both HDFS for long-term storage and to the infrastructure Solr instance for supporting audit search in the Ranger Admin UI. In the event that a Ranger plugin cannot write an audit log to either service, the plugin locally caches the audit event and attempts to replay it at a later time.

When you enable Ranger high availability (HA), you must also enable high availability on the HDFS and infrastructure Solr dependencies.

CDP makes no attempt to synchronize audit details across clusters in a disaster recovery setup. If unified audits are required, consider exporting the audit details to an external mechanism, such as a security information and event management (SIEM) framework.