Configuring Service Audit Collection and Log Properties
Minimum Required Role: Navigator Administrator (also provided by Full Administrator)
To configure service auditing, you must enable audit collection and log properties. You can also configure which events are logged for each service by following the procedures in Configuring Audit Properties.
Continue reading:
Enabling Audit Collection
The service or role Enable Audit Collection property controls whether the Cloudera Manager Agent tracks a service or role's audit log file.
- Do one of the following:
- Go to a supported service.
- Go to Navigator Metadata Server.
- Do one of the following:
- Select .
- On the Cloudera Management Service table, click the Cloudera Management Service link. tab, in
- Do one of the following:
- Click the Configuration tab.
- Select the scope according to the service:
- Service -
- Navigator Metadata Server -
- Select .
- Select the Enable Audit Collection checkbox.
- Click Save Changes to commit the changes.
- Restart the service.
Configuring Impala Daemon Logging
- Click the Impala service.
- Click the Configuration tab.
- Select .
- Select .
- Edit the Enable Impala Audit Event Generation.
- Click Save Changes to commit the changes.
- Restart the service.
- Click the Impala service.
- Select .
- Select .
- Set the Impala Daemon Maximum Audit Log File Size property.
- Click Save Changes to commit the changes.
- Restart the service.
Enabling Solr Auditing
Solr auditing is disabled by default. To enable auditing:- Enable Sentry authorization for Solr following the procedure in Enabling Sentry Policy File Authorization for Solr.
- Go to the Solr service.
- Click the Configuration tab.
- Select
- Select category.
- Select or clear the Enable Sentry Authorization checkbox.
- Select category.
- Select or clear the Enable Audit Collection checkbox. See Configuring Service Audit Collection and Log Properties.
- Click Save Changes to commit the changes.
- Restart the service.
Configuring Audit Logs
- Audit Log Directory - The directory in which audit log files are written. By default,
this property is not set if Cloudera Navigator is not installed.
A validation check is performed for all lifecycle actions (stop/start/restart). If the Enable Collection flag is selected and the Audit Log Directory property is not set, the validator displays a message that says that the Audit Log Directory property must be set to enable auditing.
If the value of this property is changed, and service is restarted, then the Cloudera Manager Agent will start monitoring the new log directory for audit events. In this case it is possible that not all events are published from the old audit log directory. To avoid loss of audit events, when this property is changed, perform the following steps:
- Stop the service.
- Copy audit log files and (for Impala only) the impalad_audit_wal file from the old audit log directory to the new audit log directory. This needs to be done on all the hosts where Impala Daemons are running.
- Start the service.
- Maximum Audit Log File Size - The maximum size of the audit log file before a new file is created. The unit of the file size is service dependent:
- HDFS, HBase, Hive, Hue, Navigator Metadata Server, Sentry, Solr - MiB
- Impala - lines (queries)
- Number of Audit Logs to Retain - Maximum number of rolled over audit logs to retain. The logs will not be deleted if they contain audit events that have not yet been propagated to the Audit Server.
- Do one of the following:
- Service - Go to a supported service.
- Navigator Metadata Server
- Do one of the following:
- Select .
- On the Cloudera Management Service table, click the Cloudera Management Service link. tab, in
- Do one of the following:
- Click the Configuration tab.
- Select the scope according to the service:
- All services except Impala - .
- Impala - .
- Navigator Metadata Server - .
- Select .
- Configure the log properties. For Impala, preface each log property with Impala Daemon.
- Click Save Changes to commit the changes.
- Restart the service.