[jira] [Comment Edited] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store

Yao (Jira) Tue, 15 Sep 2020 15:11:25 -0700


    [ 
https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17196572#comment-17196572
 ]


Yao edited comment on RANGER-2967 at 9/15/20, 10:10 PM:
--------------------------------------------------------

Sure. I launched an AWS EMR cluster with Hive and installed the Ranger Hive 
Plugin with CloudWatch configured as audit destination. Here's the 
configuration in ranger-hive-audit.xml

<property>
 <name>xasecure.audit.destination.amazon_cloudwatch</name>
 <value>true</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.log_group</name>
 <value>test-log-group</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.log_stream</name>
 <value>test-log-stream</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.batch.filespool.dir</name>
 <value>NONE</value>
 </property>

 

To install the hive plugin, just follow the guidance in Ranger git repo. Then, 
change the settings in install.properties like below. Finally, just enable the 
plugin. 

XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=\{true}
 XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=\{your cloudwatch log group name}
 XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=\{your log stream name}
 XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=\{file spool dir}

 

By default, the Hive plugin will use the EC2 InstanceProfile to upload audit 
events to the log group that you configured. A unique log stream is generated 
whenever the plugin starts. To query the event, simply go CloudWatch Insights. 
In future, I would consider adding support to Ranger Admin Server so that it 
can query the events in CloudWatch Logs as well.

 

Refs:

AWS EMR - [https://aws.amazon.com/emr/]

AWS CloudWatch Logs - 
[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html]

AWS CloudWatch Insights - 
[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html]


was (Author: yinnovation):
Sure. I launched an EMR cluster with Hive and installed the ranger hive plugin 
with CloudWatch configured as audit destination. Here's the configuration in 
ranger-hive-audit.xml

<property>
 <name>xasecure.audit.destination.amazon_cloudwatch</name>
 <value>true</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.log_group</name>
 <value>test-log-group</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.log_stream</name>
 <value>test-log-stream</value>
 </property>
 <property>
 <name>xasecure.audit.destination.amazon_cloudwatch.batch.filespool.dir</name>
 <value>NONE</value>
 </property>

 

To install the hive plugin, just follow the guidance in ranger README. Then, 
change the settings in install.properties like below. Finally, just enable the 
plugin. 

XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=\{true}
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=\{your cloudwatch log group name}
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=\{your log stream name}
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=\{file spool dir}

 

By default, the Hive plugin will use the EC2 InstanceProfile to upload audit 
events to the log group that you configured. A unique log stream is generated 
whenever the plugin starts. To query the event, simply go CloudWatch Insights. 
In future, I would consider adding support to Ranger Admin Server so that it 
can query the events in CloudWatch Logs as well.

 

Refs:

AWS EMR - [https://aws.amazon.com/emr/]

AWS CloudWatch Logs - 
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

AWS CloudWatch Insights - 
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

> Add support for Amazon CloudWatch Logs as an Audit Store
> --------------------------------------------------------
>
>                 Key: RANGER-2967
>                 URL: https://issues.apache.org/jira/browse/RANGER-2967
>             Project: Ranger
>          Issue Type: Improvement
>          Components: audit
>    Affects Versions: 2.0.0
>            Reporter: Yao
>            Priority: Minor
>              Labels: newbie, patch-available
>         Attachments: 
> 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> This change is to add CloudWatch Logs to the list of Ranger supported audit 
> stores. With this change, Ranger users will be allowed to configure their 
> plugins to send audit events to Amazon CloudWatch Logs. Further, customers 
> can query the events using Amazon CloudWatch Insights.
> This functionality is built with a newly introduced audit destination 
> 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way 
> similar to other types of audit destinations like Solr.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store

Reply via email to