Audit
Connecting Audit section to Solr
General Properties
Detemplate the file the ranger-indexima-audit.xml.
cp ranger-indexima-audit.xml.template ranger-indexima-audit.xml
Check and confirm the following properties:
| Property | Value |
|---|---|
| xasecure.audit.solr.is.enabled | true |
| xasecure.audit.solr.solr_url | Solr url server |
The following Solr schema must also be specified as follows:
<field name="logType" type="string" indexed="false" stored="true"/>
<field name="reason" type="string" indexed="false" stored="true"/>
<field name="repo" type="string" indexed="false" stored="true"/>
<field name="reqData" type="string" indexed="false" stored="true"/>
<field name="reqUser" type="string" indexed="false" stored="true"/>
<field name="resource" type="string" indexed="false" stored="true"/>
<field name="cliIP" type="string" indexed="false" stored="true"/>
<field name="result" type="pint" indexed="false" stored="true"/>
<field name="policy" type="pint" indexed="false" stored="true"/>
<field name="repoType" type="pint" indexed="false" stored="true"/>
<field name="resType" type="string" indexed="false" stored="true"/>
<field name="action" type="string" indexed="false" stored="true"/>
<field name="evtTime" type="string" indexed="false" stored="true"/> 
You need to restart your INDEXIMA CLUSTER for your modification to take effect.
Using Solr Audit with Kerberos
Make sure you collect the KERBEROS principal and the KERBEROS keytab information
Prepare a file jaas-client.conf in a location accessible to the INDEXIMA CLUSTER user with the collected information.
SolrJClient { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/etc/security/keytabs/spnego.service.keytab" storeKey=true useTicketCache=true debug=true principal="HTTP/ns3615.co@INDEXIMA.COM"; };You must modify the following options in galactica/conf/galactica-env.sh
SOLR_JAAS_CLIENT_CONFIG_OPTION=-Djava.security.auth.login.config=/tmp/jaas-client.conf
# JVM options defined here will be set on the node server command line (start-node.sh)
NODESERVER_JVM_OPTIONS=${SOLR_JAAS_CLIENT_CONFIG_OPTION}
By only modifying galactica-env.sh script, indexima upgrades will be easier.
You can confirm the configuration by viewing the audit file generated by Solr as shown in the following screenshot
You need to restart your INDEXIMA CLUSTER for your modification to take effect.
Connecting Audit to HDFS
Edit the file conf/ranger-indexima-audit.xml
cp ranger-indexima-audit.xml.template ranger-indexima-audit.xml
Check and confirm the following properties:
| Property | Value |
|---|---|
| xasecure.audit.hdfs.is.enabled | true |
| xasecure.audit.hdfs.config.destination.directory | hdfs://NAMENODE:8020/ranger/audit/%app-type%/%time:yyyyMMdd% |
| xasecure.audit.hdfs.config.local.buffer.directory | Directory writeable by the user used to launch the INDEXIMA process. |
| xasecure.audit.hdfs.config.local.archive.directory | Directory writeable by the user used to launch the INDEXIMA process. |
The user who launches the Indexima process must be able to write in HDFS directories used by Ranger/Audit