Configuring Ranger audit properties for Solr

How to change the default time settings that control how long Ranger keeps audit data collected by Solr.

The Solr audit destination is intended to store short term audit records .You can configure parameters that control how much data collected by Solr that Ranger will store for auditing purposes.
Table 1. Ranger Audit Configuration Parameters for Solr
Parameter Name Description Default Setting Units

Time To Live for Solr Collection of Ranger Audits

90 days
ranger.audit.solr.config.delete.trigger Auto Delete Period in seconds for Solr Collection of Ranger Audits for expired documents 1 days (configurable)
  1. From Cloudera Manager choose Ranger > Configuration.
  2. In Search, type ranger.audit.solr.config, then press Return.
  3. In ranger.audit.solr.config.ttl, set the the number of days to keep audit data.
  4. In ranger.audit.solr.config.delete.trigger set the number and units (days, minutes, hours, or seconds) to keep data for expired documents
  5. Refresh the configuration:
    1. Click Refresh Configuration, as prompted.
    2. In Actions, click Update Solr config-set for Ranger, then confirm.

Limiting solr spool directory growth

To limit stored audit logs, you may set a maximum limit on the solr spool directory size for each service.

  1. Manually delete the logs under the archive path for the service.
  2. Set the log retention value of the archive path from default 100 to 2 .
    1. In Cloudera Manager > <service_name> > Configuration > <service_name> Service Advanced Configuration Snippet (Safety Valve) for <service_name>.xml
    2. Click +
    3. Add the following parameter:
  3. Restart the service.