Maintaining Navigator Audit Server
When you have Cloudera Navigator running, Navigator Audit Server is enabled by default. Audits are enabled for all supported services, including HDFS, Hive, Impala, Hue, HBase, Sentry, and Solr as well as Cloudera Manager and Navigator itself. Events are retained for 90 days with some default filters defined.
Because the default settings may not work for all environments, we recommend that you review your Navigator Audit Server setup to review these three areas:
- What events are collected?
- Default filters remove some service-to-service events. However, you should check to make sure that the role names used in the filters match what's used in your system.
- How long are events retained?
- To determine the best expiration period for events in your audit system, consider the volume of incoming events, the disk space available for the audit database, and how your organization is using the audits from the Navigator console or API.
- How are events archived?
- Mot organizations keep audit events in storage well after they are useful for casual queries through the Navigator console. Your archiving solution should balance the effort required to access archived audit data with the cost of implementing your archiving system. Be sure that whatever system you design can handle the volume of audits you intend to maintain.
This Navigator YouTube video gives an overview of the audit tuning process and some database queries and other techniques that will help you make sure your audit system is working well.