Setting Up Navigator Audit Server

The steps below show you how to add the Navigator Audit Server role to an existing Cloudera Manager cluster.

The Navigator Audit Server role runs on the Cloudera Management Service. By default, the installation process installs both Navigator Audit Server and Navigator Metadata Server roles on the same Cloudera Management Service instance, but that may not be optimal, especially for very large clusters.

Adding the Navigator Audit Server Role

Cloudera Manager Required Role: Navigator Administrator (or Full Administrator)

The steps below assume that an external database is running and available to be used with the Navigator Audit Server role. Before adding this role, gather the configuration details about the external database instance so you can enter them when needed during this process.

To add the Navigator Audit Server role to the cluster:
  1. Log in to the Cloudera Manager Admin Console.
  2. From the menu, select Clusters > Cloudera Management Service.
  3. Click theInstances tab.
  4. Click Add Role Instances. The Customize Role Assignments page displays and lists the nodes available to support additional roles, assuming the cluster has available resources. Reassign and customize role instances as needed.
  5. Select the Navigator Audit Server role and assign it to appropriate host for your cluster.
  6. When finished, click Continue. The Database Setup page displays.
  7. Click Use Custom Database.
  8. In the Navigator Audit Server section, enter the details of your database instance:
    • Database host name
    • Database type
    • Database name
    • Username
    • Password
    Here is an example of a configured external database instance:

  9. Click Test Connection to verify the communication between the cluster and the external database. If the test fails, check the database settings and try again. If you selected embedded database, a message displays regarding database creation.
  10. Click Continue.
  11. The Cluster Setup Review Changes page displays.
  12. Click Finish.

Starting, Stopping, and Restarting the Navigator Audit Server

  1. Log in to the Cloudera Manager Admin Console.
  2. From the menu, select Clusters > Cloudera Management Service.
  3. Click the Instances tab.
  4. Click the link for the Navigator Audit Server from the Role Type list. The Actions for Selected button activates and displays (1) for the selected role.
  5. From the Actions for Selected (1) menu, select the Action you want to perform on this role instance:
    • Start
    • Stop
    • Restart
    • Enter Maintenance Mode
    • Exit Maintenance Mode
    • Delete
    A confirmation message displays prompting you to Cancel or complete the specified Action.
  6. Click Cancel to abandon the process, or click Action to execute the action.

Configuring the Navigator Audit Server Data Expiration Period

By default, the Navigator Audit Server keeps 90 days worth of audit events in its database. The setting can be changed to a shorter timeframe by configuring the number of hours or days of audit events to keep in the Navigator Audit Server database as follows:
  1. Log in to the Cloudera Manager Admin Console.
  2. From the menu, select Clusters > Cloudera Management Service.
  3. Click the Configuration tab.
  4. Select Navigator Audit Server from the Scope filter.
  5. For the Navigator Audit Server Data Expiration Period, enter the number of days or hours or audit events that should be retained in the database before purging and select either day(s) or hour(s) from the drop-down to label the value accordingly.
  6. Restart the Navigator Audit Server role.

Review the Navigator Audit Server Filters

Cloudera Manager Required Role: Navigator Administrator (or Full Administrator)

By far, HDFS produces the largest volume of audit events. Many of these events are caught and discarded by audit filters, particularly events that don't uniquely describe activity on the cluster or are produced only by controlled service users. Many of the default HDFS audit filters assume default service role names. To get value from the default filters, be sure to review them to make sure that the role names referenced match those used in your environment.

See Customizing the Default Audit Filters for more information about the provided filters and their use.

You can review and possibly change the filters as follows:

  1. Log in to the Cloudera Manager Admin Console.
  2. Select an HDFS service. Select Cluster > HFDS Service-Name
  3. Click the Configuration tab.
  4. Filter the properties on "audit".
  5. Review the list of filters in the property Audit Event Filter.
  6. Make changes to the filters as appropriate.
  7. Restart the Navigator Audit Server role.

Setting the Navigator Audit Server Java Heap Size

Cloudera Manager Required Role: Navigator Administrator (or Full Administrator)

The Navigator Audit Server performance is typically bound by the performance of the database. With that in mind, consider increasing the Navigator Audit Server Java heap to as much as 4 GB; increasing heap beyond this point is unlikely to change the server performance. The default Java heap is set to 1.5 GiB.

You can change the setting as follows:
  1. Log in to the Cloudera Manager Admin Console.
  2. Select Clusters > Cloudera Management Service.
  3. Click the Configuration tab.
  4. Select Scope > Navigator Audit Server.
  5. For Filter Category, click Resource Management to display the Java Heap Size property.

  6. Use the drop-down selector to change the unit scale to B (Bytes), KiB, MiB, or GiB and set your preferred heap size.
  7. Click Save Changes.

    The setting takes effect only after restarting the role. Restart the Navigator Metadata Server role now or make other configuration changes and restart after you are finished with all changes.

  8. Restart the Navigator Audit Server role.

Configuring the Navigator Audit Server Log Directory

The default location for the Navigator Audit Server logs is:
/var/log/cloudera-scm-navigator
To change the location for the log directory:
  1. Log in to the Cloudera Manager Admin Console.
  2. From the menu, select Clusters > Cloudera Management Service.
  3. Click the Configuration tab.
  4. Select Category > Logs.
  5. Enter the path for the Navigator Audit Server Log Directory property.
  6. Restart the Navigator Audit Server role.