[
https://issues.apache.org/jira/browse/RANGER-3615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dhaval Shah updated RANGER-3615:
--------------------------------
Description:
Ref Doc:
https://blog.cloudera.com/auditing-to-external-systems-in-cdp-private-cloud-base/
Here's the example:
{code:java}
{"repoType":3,"repo":"hive","reqUser":"systest","evtTime":"2022-01-20
12:56:31.909","access":"USE","resource":"default","resType":"@database","action":"_any","result":1,"agent":"hiveServer2","policy":14,"enforcer":"ranger-acl","sess":"e162e0ad-717b-4934-9a50-6915de2268c3","cliType":"HIVESERVER2","cliIP":"172.27.27.131","reqData":"show
tables","agentHost":"pravinknox-2.pravinknox.root.site","logType":"RangerAudit","id":"d8c7d941-26b7-4390-85dd-4a51e716ae40-0","seq_num":1,"event_count":1,"event_dur_ms":1,"additional_info":"{\"remote-ip-address\":172.27.27.131,
\"forwarded-ip-addresses\":[]","cluster_name":"Cluster 1","policy_version":1}
{code}
Found some issue parsing the log due to a json format error there are basically
missing a '}' at the end of addition_info.
Code Ref:
https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L270
was:
Ref Doc:
https://blog.cloudera.com/auditing-to-external-systems-in-cdp-private-cloud-base/
Here's the example:
{code:java}
{"repoType":3,"repo":"cm_hive","reqUser":"systest","evtTime":"2022-01-20
12:56:31.909","access":"USE","resource":"default","resType":"@database","action":"_any","result":1,"agent":"hiveServer2","policy":14,"enforcer":"ranger-acl","sess":"e162e0ad-717b-4934-9a50-6915de2268c3","cliType":"HIVESERVER2","cliIP":"172.27.27.131","reqData":"show
tables","agentHost":"pravinknox-2.pravinknox.root.hwx.site","logType":"RangerAudit","id":"d8c7d941-26b7-4390-85dd-4a51e716ae40-0","seq_num":1,"event_count":1,"event_dur_ms":1,"additional_info":"{\"remote-ip-address\":172.27.27.131,
\"forwarded-ip-addresses\":[]","cluster_name":"Cluster 1","policy_version":1}
{code}
Found some issue parsing the log due to a json format error there are basically
missing a '}' at the end of addition_info.
Code Ref:
https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L270
> Issue with exported audit json builder while writing events to log4j
> --------------------------------------------------------------------
>
> Key: RANGER-3615
> URL: https://issues.apache.org/jira/browse/RANGER-3615
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Dhaval Shah
> Assignee: Dhaval Shah
> Priority: Major
>
> Ref Doc:
> https://blog.cloudera.com/auditing-to-external-systems-in-cdp-private-cloud-base/
> Here's the example:
> {code:java}
> {"repoType":3,"repo":"hive","reqUser":"systest","evtTime":"2022-01-20
> 12:56:31.909","access":"USE","resource":"default","resType":"@database","action":"_any","result":1,"agent":"hiveServer2","policy":14,"enforcer":"ranger-acl","sess":"e162e0ad-717b-4934-9a50-6915de2268c3","cliType":"HIVESERVER2","cliIP":"172.27.27.131","reqData":"show
>
> tables","agentHost":"pravinknox-2.pravinknox.root.site","logType":"RangerAudit","id":"d8c7d941-26b7-4390-85dd-4a51e716ae40-0","seq_num":1,"event_count":1,"event_dur_ms":1,"additional_info":"{\"remote-ip-address\":172.27.27.131,
> \"forwarded-ip-addresses\":[]","cluster_name":"Cluster
> 1","policy_version":1}
> {code}
> Found some issue parsing the log due to a json format error there are
> basically missing a '}' at the end of addition_info.
> Code Ref:
> https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L270
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
