Setting up Ranger Auditing for Arcadia

Arcadia Auditing with Ranger can be configured through Ambari within the Arcadia configuration page, and also the Apache Infra configuration page:

Arcadia Configuration:

By default Arcadia will pull in currently active settings to determine if Ranger auditing has been enabled for Hive, and also if auditing is being logged to Solr or HDFS. If your environment is already using Ranger auditing you can leave these settings as they are most likely.

However, if you need to override these settings you can do so. For example if you need to enable Ranger auditing you can change the value of xasecure.audit.is.enabled to true :

<property>
  <name>xasecure.audit.is.enabled</name>
  <value>False</value>
</property>

To enable Solr logging for Arcadia, change xasecure.audit.destination.solr to true :

<property>
  <name>xasecure.audit.destination.solr</name>
  <value>True</value>
</property>

Otherwise to enable HDFS logging for Arcadia, change xasecure.audit.destination.hdfs to true and double check that the “arcadia” user has WRITE permissions in HDFS for the Ranger audit directory. By default this directory is /ranger/audit on HDFS.

<property>
  <name>xasecure.audit.destination.hdfs</name>
  <value>True</value>
</property>

Ambari Infra Configuration:

In the Ambari Infra configuration, you will also need to add the “arcadia” user to the list of Ranger audit service users. NOTE: There should not be any white spaces between the command and arcadia user (see below).