E-MapReduce:View Ranger audit logs

Prerequisites

A cluster of a version that is earlier than EMR V5.11.0 or EMR V3.45.0 is created, and Ranger is selected for the cluster. For more information about how to create a cluster, see Create a cluster.

Procedure

1. Access the web UI of Ranger. For more information, see Access the web UI of Ranger.
2. In the top navigation bar, click Audit.
   By default, the Access tab is displayed. You can view the following logs on the web UI of Ranger:

   • Access logs

     On the Access tab, you can view the access information of the components that are connected to Ranger. The following table describes the parameters.

     Parameter	Description
     Policy ID	The ID of the Ranger policy that is triggered by the access.
     Policy Version	The version of the Ranger policy that is triggered by the access.
     Event Time	The time when the access occurred.
     User	The user who accessed a service.
     Service	The name and type of the Ranger service that is connected to the accessed service.
     Resource	The information about the accessed data, such as the columns of a table in a Hive database and Hadoop Distributed File System (HDFS) paths. You can click the icon to view the query information.
     Access Type	The type of the access.
     Permission	The permissions that are required to support the access.
     Result	The access result.
     Access Enforcer	The enforcer that is used for access control. Valid values: ranger-acl and hadoop-acl. ranger-acl indicates that Ranger is used for access control, and hadoop-acl indicates that HDFS is used for access control. Note hadoop-acl is prioritized over ranger-acl. When HDFS authenticates a user, HDFS first checks the access control list (ACL) configured for HDFS. If an access control rule denies the access, HDFS checks the ACL configured for Ranger. You can determine whether the access is allowed or denied by hadoop-acl or ranger-acl.
     Agent Host Name	The hostname of the Ranger plug-in that is used to support the access.
     Client IP	The IP address of the client that sent the access request.

   • Admin logs

     Click the Admin tab to view the access information of the components that are connected to Ranger.

   • Logon session logs

     Click the Login Sessions tab to view the logs that record logons to Ranger Admin.

   • Plug-in logs

     Click the Plugins tab to view the information about the interaction between Ranger plug-ins and Ranger Admin. The time when Ranger plug-ins synchronized policy information from Ranger Admin is displayed on the Plugins tab.

   • Plug-in status logs

     Click the Plugin Status tab to view the status of each Ranger plug-in. The following table describes the parameters.

     Parameter	Description
     Service Name	The name of the Ranger service that is connected to the Ranger plug-in.
     Service Type	The category of the Ranger service that is connected to the Ranger plug-in.
     Host Name	The hostname of the agent that uses the Ranger plug-in.
     Plugin IP	The IP address of the agent that uses the Ranger plug-in.
     Last Update	The most recent time when a policy was updated.
     Download	The most recent time when the Ranger plug-in downloaded a policy.
     Active	The most recent time when the Ranger plug-in entered the active state.

   • User synchronization logs

     Click the User Sync tab to view the user synchronization logs of the Ranger UserSync service. The following table describes the parameters.

     Parameter	Description
     Sync Source	The source of the synchronized users. Valid values: Unix and LDAP/AD.
     Number Of New	The numbers of added users and user groups.
     Number Of Modified	The numbers of modified users and user groups.
     Event Time	The time when the user was synchronized. In most cases, Unix users are synchronized at 5-minute intervals, and LDAP/AD users are synchronized at 1-hour intervals.
     Sync Details	The details of the synchronized users.