Cloudera Navigator Audit Event Reports
Minimum Required Role: Auditing Viewer (also provided by Full Administrator)
An audit report is a collection of audit events that result from the application of filters. Audit report metadata is recorded by the Cloudera Navigator Metadata Server.
Creating Audit Event Reports
- Start and log in to the Cloudera Navigator data management component UI.
- Click the Audits tab. The Audit Events report displays all audit events that occurred during the last hour.
- Do one of the following:
- Save a filtered version of the Audit Events report:
- Optionally specify filters.
- Click Save As Report.
- Create a new report by clicking New Report.
- Save a filtered version of the Audit Events report:
- Enter a report name.
- In the Default time range field, specify a relative time range. If you had specified a custom absolute time range before selecting Save As Report, the custom absolute time range is discarded.
- Optionally add filters.
- Click Save.
Editing Audit Event Reports
- Start and log in to the Cloudera Navigator data management component UI.
- Click the Audits tab. The Audit Events report displays all audit events that occurred during the last hour.
- In the left pane, click a report name.
- Click Edit Report.
- In the Default time range field, specify a relative time range. If you had specified a custom absolute time range before selecting Save As Report, the custom absolute time range is discarded.
- Optionally add filters.
- Click Save.
Downloading Audit Event Reports
You can download audit event reports in the Navigator UI or by using the Audit API in CSV and JSON formats. An audit event contains the following fields:
- timestamp
- service
- username
- ipAddress
- command
- resource
- allowed
- [operationText]
- serviceValues
In addition to downloading audit events, you can configure the Navigator Audit Server to publish audit events to a Kafka topic or syslog. See Publishing Audit Events.
Downloading Audit Event Reports Using the Audit UI
- Start and log in to the Cloudera Navigator data management component UI.
- Click the Audits tab. The Audit Events report displays all audit events that occurred during the last hour.
- Do one of the following:
- Add filters.
- In the left pane, click a report name.
- Select , where format is CSV or JSON.
Downloading Audit Events Using the Audit API
You can filter and download audit events using the Cloudera Navigator Data Management API.Hive Audit Events Using the Audit API
To use the API to download the audits events for a service named hive, issue the request
curl http://Navigator_Metadata_Server_host:port/api/v9/audits/?query=service%3D%3Dhive&startTime=1431025200000&endTime=1431032400000\ &limit=5&offset=0&format=JSON&attachment=false -X GET -u username:passwordThe startTime and endTime parameters are required and must be specified in epoch time in milliseconds.
The request could return the following JSON items:
[ { "timestamp" : "2015-05-07T20:34:39.923Z", "service" : "hive", "username" : "hdfs", "ipAddress" : "12.20.199.170", "command" : "QUERY", "resource" : "default:sample_08", "operationText" : "INSERT OVERWRITE \n TABLE sample_09 \nSELECT \n sample_07.code,sample_08.description \n FROM sample_07 \n JOIN sample_08 \n WHERE sample_08.code = sample_07.code", "allowed" : true, "serviceValues" : { "object_type" : "TABLE", "database_name" : "default", "operation_text" : "INSERT OVERWRITE \n TABLE sample_09 \nSELECT \n sample_07.code,sample_08.description \n FROM sample_07 \n JOIN sample_08 \n WHERE sample_08.code = sample_07.code", "resource_path" : "/user/hive/warehouse/sample_08", "table_name" : "sample_08" } }, { "timestamp" : "2015-05-07T20:33:50.287Z", "service" : "hive", "username" : "hdfs", "ipAddress" : "12.20.199.170", "command" : "SWITCHDATABASE", "resource" : "default:", "operationText" : "USE default", "allowed" : true, "serviceValues" : { "object_type" : "DATABASE", "database_name" : "default", "operation_text" : "USE default", "resource_path" : "/user/hive/warehouse", "table_name" : "" } }, { "timestamp" : "2015-05-07T20:33:23.792Z", "service" : "hive", "username" : "hdfs", "ipAddress" : "12.20.199.170", "command" : "CREATETABLE", "resource" : "default:", "operationText" : "CREATE TABLE sample_09 (code string,description string) ROW FORMAT DELIMITED FIELDS TERMINATED BY '\\t' STORED AS TextFile", "allowed" : true, "serviceValues" : { "object_type" : "DATABASE", "database_name" : "default", "operation_text" : "CREATE TABLE sample_09 (code string,description string) ROW FORMAT DELIMITED FIELDS TERMINATED BY '\\t' STORED AS TextFile", "resource_path" : "/user/hive/warehouse", "table_name" : "" } } ]