Balaji/Bosco, The policy did have auditing turned on. With the configuration Bosco provided I was able to figure it out...
When I created RangerBasePlugin I never set a RangerAccessResultProcessor, and then I was calling isAccessAllowed(request) also without a result processor. Once I set the result processor as RangerDefaultAuditHandler the events started hitting Solr and now I can see them through Ranger. Thanks for the help! -Bryan On Fri, Apr 22, 2016 at 3:59 PM, Don Bosco Durai <[email protected]> wrote: > > >[INFO]: No v3 audit configuration found. Trying v2 audit configurations > This doesn’t seem correct. Here are the properties for enabling Solr: > > <property> > <name>xasecure.audit.destination.solr</name> > <value>true</value> > </property> > > <property> > <name>xasecure.audit.destination.solr.batch.filespool.dir</name> > <value>/var/log/hadoop/hdfs/audit/solr/spool</value> (Update path to > your local spool. Will be used if solr is not available) > </property> > > <property> > <name>xasecure.audit.destination.solr.zookeepers</name> > <value>myzookeepr:2181/ranger_audits</value> > </property> > > > > If you are using standalone URL: > <property> > <name>xasecure.audit.destination.solr.urls</name> > <value>http://localhost:8666/rangeraudits</value> > </property> > > > > Thanks > > Bosco > > > > > > > > On 4/22/16, 12:14 PM, "Balaji Ganesan" <[email protected]> wrote: > > >Do you have a Ranger policy with auditing on ? > > > >On Fri, Apr 22, 2016 at 10:14 AM, Bryan Bende <[email protected]> wrote: > > > >> Hi all, > >> > >> I'm trying to test sending audit logs to Solr from my plugin... > >> > >> I verified I can get to Solr admin on > >> http://localhost:6083/solr/#/ranger_audits > >> > >> In my ranger-nifi-audit.xml I have: > >> > >> <property> > >> <name>xasecure.audit.solr.is.enabled</name> > >> <value>true</value> > >> </property> > >> > >> <property> > >> <name>xasecure.audit.solr.async.max.queue.size</name> > >> <value>1</value> > >> </property> > >> > >> <property> > >> <name>xasecure.audit.solr.async.max.flush.interval.ms</name> > >> <value>1000</value> > >> </property> > >> > >> <property> > >> <name>xasecure.audit.solr.solr_url</name> > >> <value>http://localhost:6083/solr/ranger_audits</value> > >> </property> > >> > >> Using the debugger I have verified the SolrAuditProvider connect() > method > >> is getting called and successfully creating an HttpSolrClient. > >> > >> Then I simulate an authorization request, but the log methods on > >> SolrAuditProvider never get called, and nothing gets sent to Solr. There > >> are no errors in the log. > >> > >> The console prints this during initialization: > >> > >> [INFO]: No v3 audit configuration found. Trying v2 audit configurations > >> [INFO]: SolrAuditProvider is enabled > >> [INFO]: AuditDestination() enter > >> [INFO]: init() called > >> [INFO]: BaseAuditProvider.init() > >> [INFO]: propPrefix=xasecure.audit.provider > >> [INFO]: Using providerName from property prefix. providerName=provider > >> [INFO]: providerName=provider > >> [INFO]: MultiDestAuditProvider: creating.. > >> [INFO]: AsyncAuditProvider(MySolrAuditProvider): creating.. > >> [INFO]: > >> > >> > MultiDestAuditProvider.addAuditProvider(providerType=org.apache.ranger.audit.provider.solr.SolrAuditProvider) > >> [INFO]: AsyncAuditProvider(MySolrAuditProvider).init() > >> [INFO]: MultiDestAuditProvider.init() > >> [INFO]: BaseAuditProvider.init() > >> [INFO]: propPrefix=xasecure.audit.provider > >> [INFO]: providerName=multi_dest > >> [INFO]: init() called > >> [INFO]: BaseAuditProvider.init() > >> [INFO]: propPrefix=xasecure.audit.provider > >> [INFO]: providerName=multi_dest.provider > >> [INFO]: ==> AsyncAuditProvider.run() > >> > >> Is there anything I am missing that would stop the events from being > sent > >> to Solr? > >> > >> Thanks, > >> > >> Bryan > >> > >
