yunyezhang-work opened a new pull request, #739:
URL: https://github.com/apache/ranger/pull/739

   ## What changes were proposed in this pull request?
   
   The HDFS audit logs were not displaying on the Ranger UI. It was discovered 
that the HDFS audit logs were not being written to Elasticsearch. Enabling the 
debug logs in the HDFS plugin revealed an error related to the evtTime format. 
To understand the evtTime formats accepted by Elasticsearch, we enabled Hive 
auditing and found that the Hive audit logs were displayed correctly on the 
Ranger UI. Therefore, we modified ElasticSearchAuditDestination.java to ensure 
that the time format in the HDFS audit logs matched that of Elasticsearch.
   
   ## How was this patch tested?
   To enable auditing, modify the Ranger and HDFS configurations:
   - Ranger: `ranger.audit.elasticsearch.bootstrap.enabled=true`
   - HDFS: `xasecure.audit.is.enabled=true`
   
   Executing the basic HDFS commands revealed that the corresponding audit 
information is not displayed in the Ranger UI. Modify 
`ElasticSearchAuditDestination.java`, then compile and package it. Replace the 
newly compiled `ranger-plugins-audit*.jar` file in the environment. Restart 
Ranger and execute the HDFS commands again. Now the Ranger UI displays the 
audit logs.
   
   Before fix: Only Hive audit logs are displayed.
   
   After fix: HDFS audit logs are also displayed correctly.
   
   

