Configuring Service Auditing

You can configure services to:

  • Enable and disable auditing
  • Exclude and include auditing of files and directories, users, and tables
  • Coalesce auditing events based on operation attributes (time, operation name), user attributes (username), and object attributes (path, table name, and so on)
  • Specify what action to take when the audit event queue is full

Service Auditing Properties

Each service that supports auditing configuration has the following properties:

  • Enable collection - A flag to enable collection of audit events
  • Event filter - A set of rules that capture properties of auditable events and actions to be performed when an event matches those properties
  • Event tracker - A set of rules for tracking and coalescing events
  • Queue policy - The action to take when the audit event queue is full. If the queue is full and the service's queue policy is Shutdown, N audit events are discarded before the service shuts down, where N is the size of the Cloudera Navigator Server queue.

The Event Filter and Event Tracker rules for filtering and coalescing events are expressed as JSON objects. For information on the structure of the objects, see the description on the configuration screen.
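
Because an event filter can discard events, it helps to check what a candidate filter would leave unaudited before saving it. The following Python example is added here for illustration and is not Cloudera code: it evaluates a constructed filter against constructed audit events. The JSON keys (defaultAction, rules, action, fields, name, match) and the first-match, whole-value matching semantics are assumptions; the configuration screen describes the actual structure.

```python
import json
import re

# Constructed filter. The keys (defaultAction, rules, action, fields, name,
# match) are assumptions for illustration, not taken from this page.
FILTER_JSON = """
{
  "defaultAction": "accept",
  "rules": [
    {"action": "discard",
     "fields": [{"name": "username", "match": "(?:hdfs|hbase)(?:/.+)?"}]},
    {"action": "discard",
     "fields": [{"name": "src", "match": "/tmp(?:/.*)?"}]}
  ]
}
"""
EVENT_FILTER = json.loads(FILTER_JSON)

# Constructed audit events, not real log data.
EVENTS = [
    {"username": "alice", "operation": "open", "src": "/data/payroll/2024.csv"},
    {"username": "hdfs/node1.example.com", "operation": "delete", "src": "/data/payroll"},
    {"username": "bob", "operation": "create", "src": "/tmp/stage/part-0"},
    {"username": "bob", "operation": "rename", "src": "/tmpfiles/report"},
]

def decide(event, event_filter):
    """Return the action of the first rule whose fields all match the event.

    Assumed semantics: each pattern must match the whole field value, a
    missing field never matches, and defaultAction applies when no rule hits.
    """
    for rule in event_filter["rules"]:
        if all(
            f["name"] in event and re.fullmatch(f["match"], event[f["name"]])
            for f in rule["fields"]
        ):
            return rule["action"]
    return event_filter["defaultAction"]

def discarded(events, event_filter):
    """List the events the filter would drop, so they can be reviewed."""
    return [e for e in events if decide(e, event_filter) == "discard"]

if __name__ == "__main__":
    for e in discarded(EVENTS, EVENT_FILTER):
        print("not audited:", e["username"], e["operation"], e["src"])
```

In this constructed case the rule that discards the hdfs service principal also hides a delete on /data/payroll, while /tmpfiles/report is still audited because the path pattern must match the whole value.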

Configuring Service Auditing Properties

  1. Click an HDFS, HBase, or Hive service.
  2. Select Configuration > View and Edit.
  3. Click the Cloudera Navigator category. The Service-Wide properties display.
  4. Edit the properties and click Save Changes.