This topic describes how to view audit logs on the web user interface (UI) of Ranger.

Prerequisites

A Data Lake cluster is created and the Ranger service is selected when you create the cluster. For more information about how to create a cluster, see Create a cluster.

Procedure

  1. Access the web UI of Ranger. For more information, see Access the Ranger UI.
  2. In the top navigation bar, click Audit.
    By default, the Access tab is displayed. You can view the following logs on the web UI of Ranger:
    • Access logs

      On the Access tab, you can view the access information of the components that are connected to Ranger. The following table describes the parameters.

      | Parameter | Description |
      | --- | --- |
      | Policy ID | The ID of the Ranger policy that is triggered by the access. |
      | Policy Version | The version of the Ranger policy that is triggered by the access. |
      | Event Time | The time when the access occurred. |
      | User | The user who accessed a service. |
      | Service | The name and type of the Ranger service that is connected to the accessed service. |
      | Resource | The information about the accessed data, such as the columns of a table in a Hive database and Hadoop Distributed File System (HDFS) paths. You can click the Query icon to view the query information. |
      | Access Type | The type of the access. |
      | Permission | The permissions that are required to support the access. |
      | Result | The access result. |
      | Access Enforcer | The enforcer that is used for access control. Valid values: ranger-acl and hadoop-acl. ranger-acl indicates that Ranger is used for access control, and hadoop-acl indicates that HDFS is used for access control. Note: hadoop-acl is prioritized over ranger-acl. When HDFS authenticates a user, HDFS first checks the access control list (ACL) configured for HDFS. If an access control rule denies the access, HDFS checks the ACL configured for Ranger. You can determine whether the access is allowed or denied by hadoop-acl or ranger-acl. |
      | Agent Host Name | The hostname of the Ranger plug-in that is used to support the access. |
      | Client IP | The IP address of the client that sent the access request. |
    • Admin logs

      Click the Admin tab to view the access information of the components that are connected to Ranger.

    • Logon session logs

      Click the Login Sessions tab to view the logs that record logons to Ranger Admin.

    • Plug-in logs

      Click the Plugins tab to view the information about the interaction between Ranger plug-ins and Ranger Admin. The time when Ranger plug-ins synchronized policy information from Ranger Admin is displayed on the Plugins tab.

    • Plug-in status logs

      Click the Plugin Status tab to view the status of each Ranger plug-in. The following table describes the parameters.

      | Parameter | Description |
      | --- | --- |
      | Service Name | The name of the Ranger service that is connected to the Ranger plug-in. |
      | Service Type | The category of the Ranger service that is connected to the Ranger plug-in. |
      | Host Name | The hostname of the agent that uses the Ranger plug-in. |
      | Plugin IP | The IP address of the agent that uses the Ranger plug-in. |
      | Last Update | The most recent time when a policy was updated. |
      | Download | The most recent time when the Ranger plug-in downloaded a policy. |
      | Active | The most recent time when the Ranger plug-in entered the active state. |
    • User synchronization logs

      Click the User Sync tab to view the user synchronization logs of the Ranger UserSync service. The following table describes the parameters.

      | Parameter | Description |
      | --- | --- |
      | Sync Source | The source of the synchronized users. Valid values: Unix and LDAP/AD. |
      | Number Of New | The numbers of added users and user groups. |
      | Number Of Modified | The numbers of modified users and user groups. |
      | Event Time | The time when the user was synchronized. In most cases, Unix users are synchronized at 5-minute intervals, and LDAP/AD users are synchronized at 1-hour intervals. |
      | Sync Details | The details of the synchronized users. |
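
The Access tab columns described above (User, Client IP, Resource, Result, Access Enforcer, and Policy ID) are enough to triage denied requests. The following Python script is an added example, not part of the original topic or of Ranger itself. It assumes that audit rows have been collected as dictionaries keyed by the Access tab column names; the sample rows, the Allowed and Denied values, and the summarize_denials helper are constructed for illustration.

```python
from collections import Counter, defaultdict

# Keys follow the Access tab column names; this row layout is an assumption.
COLUMNS = ("Event Time", "User", "Client IP", "Resource", "Result", "Access Enforcer", "Policy ID")

# Constructed sample rows (not real audit data); "Allowed"/"Denied" are assumed values.
SAMPLE_ROWS = [dict(zip(COLUMNS, r)) for r in [
    ("2024-05-01 10:00:01", "alice", "192.0.2.10", "db1/orders/card_no", "Denied", "ranger-acl", 12),
    ("2024-05-01 10:00:05", "alice", "192.0.2.10", "db1/orders/card_no", "Denied", "ranger-acl", 12),
    ("2024-05-01 10:00:09", "alice", "192.0.2.10", "db1/users/ssn", "Denied", "ranger-acl", 14),
    ("2024-05-01 10:02:00", "bob", "192.0.2.20", "/warehouse/tmp", "Allowed", "hadoop-acl", None),
    ("2024-05-01 10:03:00", "bob", "192.0.2.20", "/warehouse/finance", "Denied", "hadoop-acl", None),
]]


def summarize_denials(rows, threshold=3):
    """Group denied accesses by (User, Client IP) and flag actors at or above threshold."""
    actors = defaultdict(lambda: {"enforcers": Counter(), "resources": set(), "policies": set()})
    for row in rows:
        if str(row.get("Result", "")).strip().lower() != "denied":
            continue  # only denied accesses are summarized
        stats = actors[(row.get("User", "unknown"), row.get("Client IP", "unknown"))]
        # Record which enforcer produced the denial (ranger-acl or hadoop-acl).
        stats["enforcers"][row.get("Access Enforcer", "unknown")] += 1
        stats["resources"].add(row.get("Resource", "unknown"))
        if row.get("Policy ID") is not None:
            stats["policies"].add(row["Policy ID"])  # policy to review for this denial
    findings = []
    for (user, ip), stats in sorted(actors.items()):
        total = sum(stats["enforcers"].values())
        findings.append({
            "user": user,
            "client_ip": ip,
            "denied": total,
            "by_enforcer": dict(stats["enforcers"]),
            "resources": sorted(stats["resources"]),
            "policies": sorted(stats["policies"]),
            "flagged": total >= threshold,
        })
    return findings


if __name__ == "__main__":
    for finding in summarize_denials(SAMPLE_ROWS):
        print(finding)
```

Splitting the count by Access Enforcer shows whether a denial should be investigated in the Ranger policies listed under `policies` or in the HDFS ACLs.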