Configuring Service Auditing
You can configure services to:
- Enable and disable auditing
- Exclude and include auditing of files and directories, users, and tables
- Coalesce auditing events based on operation attributes (time, operation name), user attributes (username) and object attributes (path, table name, and so on).
- Specify what action to take when the audit event queue is full
Service Auditing Properties
Each service that supports auditing configuration has the following properties:
- Enable collection - A flag to enable collection of audit events
- Event filter - A set of rules that capture properties of auditable events and actions to be performed when an event matches those properties
- Event tracker - A set of rules for tracking and coalescing events.
- Queue policy - The action to take when the audit event queue is full. When a queue is full and the queue policy of the service is Shutdown, before shutting down the service, N audits will be discarded, where N is the size of the Cloudera Navigator Server queue.
The Event Filter and Event Tracker rules for filtering and coalescing events are expressed as JSON objects. For information on the structure of the objects, see the description on the configuration screen.