Audit Log Properties

A service's or role's Enable Audit Collection property controls whether the Cloudera Manager Agent tracks the audit log file of that service or role.

The following properties apply to an audit log file:
  • Audit Log Directory - The directory in which audit log files are written. By default, this property is not set if Cloudera Navigator is not installed.

    A validation check is performed for all lifecycle actions (stop/start/restart). If the Enable Collection flag is selected and the Audit Log Directory property is not set, the validator displays a message stating that the Audit Log Directory property must be set to enable auditing.

    If the value of this property is changed and the service is restarted, the Cloudera Manager Agent starts monitoring the new log directory for audit events. In this case, it is possible that not all events from the old audit log directory are published. To avoid losing audit events when this property is changed, perform the following steps:

    1. Stop the service.
    2. Copy audit log files and (for Impala only) the impalad_audit_wal file from the old audit log directory to the new audit log directory. This needs to be done on all the hosts where Impala Daemons are running.
    3. Start the service.
  • Maximum Audit Log File Size - The maximum size of the audit log file before a new file is created. The unit of the file size is service dependent:
    • HDFS, HBase, Hive, Navigator Metadata Server, Sentry, Solr - MiB
    • Impala - lines (queries)
  • Number of Audit Logs to Retain - Maximum number of rolled over audit logs to retain. The logs will not be deleted if they contain audit events that have not yet been propagated to the Audit Server.
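
The copy step of the directory-change procedure under Audit Log Directory can be scripted and run on each host while the service is stopped. The following is an added example, not Cloudera-provided code; the function name migrate_audit_logs and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: copy audit log files from the old audit log directory to the
# new one without overwriting anything, and verify every copy byte-for-byte.
# Assumption: audit files are regular, non-hidden files directly in the
# directory (for Impala this includes impalad_audit_wal).

migrate_audit_logs() {
    # Resolve both paths so the same directory cannot be given twice.
    old=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing old dir: $1" >&2; return 2; }
    new=$(cd "$2" 2>/dev/null && pwd -P) || { echo "missing new dir: $2" >&2; return 2; }
    [ "$old" != "$new" ] || { echo "old and new directory are the same" >&2; return 2; }

    rc=0
    copied=0
    for src in "$old"/*; do
        [ -f "$src" ] || continue        # skip subdirectories and an empty glob
        name=$(basename "$src")
        dst="$new/$name"
        if [ -e "$dst" ]; then
            # Never overwrite: the existing file may hold unpublished events.
            cmp -s "$src" "$dst" || { echo "CONFLICT: $name differs in $new" >&2; rc=1; }
            continue
        fi
        # -p preserves mode and timestamps (and ownership when run as root).
        cp -p "$src" "$dst" || { echo "COPY FAILED: $name" >&2; rc=1; continue; }
        # Confirm the copy before the old directory is ever cleaned up.
        if cmp -s "$src" "$dst"; then
            copied=$((copied + 1))
        else
            echo "MISMATCH: $name" >&2
            rc=1
        fi
    done
    echo "$copied"                       # number of files copied and verified
    return $rc
}

# Stand-alone use: sh migrate.sh /old/audit/dir /new/audit/dir
if [ "$#" -eq 2 ]; then
    migrate_audit_logs "$1" "$2"
fi
```

A non-zero exit status means at least one file was not copied or conflicts with a file already in the new directory; resolve that before starting the service.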

Enabling Audit Collection

  1. Do one of the following:
    • Click a supported service.
    • Do one of the following:
      • Select Clusters > Cloudera Management Service > Cloudera Management Service.
      • On the Status tab of the Home page, in the Cloudera Management Service table, click the Cloudera Management Service link.
  2. Click the Configuration tab.
  3. Select Scope > ServiceName (Service-Wide).
  4. Select Category > Cloudera Navigator.
  5. Select the Enable Audit Collection checkbox.
  6. Click Save Changes to commit the changes.
  7. Restart the service.

Configuring Audit Logs

  1. Do one of the following:
    • Service - Click a supported service.
    • Navigator Metadata Server
      • Do one of the following:
        • Select Clusters > Cloudera Management Service > Cloudera Management Service.
        • On the Status tab of the Home page, in the Cloudera Management Service table, click the Cloudera Management Service link.
  2. Click the Configuration tab.
  3. Select the scope according to the service:
    • All services except Impala - Select Scope > ServiceName (Service-Wide).
    • Impala - Select Scope > Impala Daemon.
    • Navigator Metadata Server - Select Scope > Navigator Metadata Server.
  4. Select Category > Logs.
  5. Configure the log properties. For Impala, preface each log property with Impala Daemon.
  6. Click Save Changes to commit the changes.
  7. Restart the service.