[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17196572#comment-17196572 ]
Yao edited comment on RANGER-2967 at 9/15/20, 10:10 PM: -------------------------------------------------------- Sure. I launched an AWS EMR cluster with Hive and installed the Ranger Hive Plugin with CloudWatch configured as audit destination. Here's the configuration in ranger-hive-audit.xml <property> <name>xasecure.audit.destination.amazon_cloudwatch</name> <value>true</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.log_group</name> <value>test-log-group</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.log_stream</name> <value>test-log-stream</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.batch.filespool.dir</name> <value>NONE</value> </property> To install the hive plugin, just follow the guidance in Ranger git repo. Then, change the settings in install.properties like below. Finally, just enable the plugin. XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=\{true} XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=\{your cloudwatch log group name} XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=\{your log stream name} XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=\{file spool dir} By default, the Hive plugin will use the EC2 InstanceProfile to upload audit events to the log group that you configured. A unique log stream is generated whenever the plugin starts. To query the event, simply go CloudWatch Insights. In future, I would consider adding support to Ranger Admin Server so that it can query the events in CloudWatch Logs as well. Refs: AWS EMR - [https://aws.amazon.com/emr/] AWS CloudWatch Logs - [https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html] AWS CloudWatch Insights - [https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html] was (Author: yinnovation): Sure. I launched an EMR cluster with Hive and installed the ranger hive plugin with CloudWatch configured as audit destination. Here's the configuration in ranger-hive-audit.xml <property> <name>xasecure.audit.destination.amazon_cloudwatch</name> <value>true</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.log_group</name> <value>test-log-group</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.log_stream</name> <value>test-log-stream</value> </property> <property> <name>xasecure.audit.destination.amazon_cloudwatch.batch.filespool.dir</name> <value>NONE</value> </property> To install the hive plugin, just follow the guidance in ranger README. Then, change the settings in install.properties like below. Finally, just enable the plugin. XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=\{true} XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=\{your cloudwatch log group name} XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=\{your log stream name} XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=\{file spool dir} By default, the Hive plugin will use the EC2 InstanceProfile to upload audit events to the log group that you configured. A unique log stream is generated whenever the plugin starts. To query the event, simply go CloudWatch Insights. In future, I would consider adding support to Ranger Admin Server so that it can query the events in CloudWatch Logs as well. Refs: AWS EMR - [https://aws.amazon.com/emr/] AWS CloudWatch Logs - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html AWS CloudWatch Insights - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html > Add support for Amazon CloudWatch Logs as an Audit Store > -------------------------------------------------------- > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit > Affects Versions: 2.0.0 > Reporter: Yao > Priority: Minor > Labels: newbie, patch-available > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.3.4#803005)