Question & Answer
Question
I am using SSL in my Hortonworks cluster. How can I capture auditing events with Guardium?
Cause
The regular S-TAP cannot capture encrypted traffic in Hadoop.
Answer
If you are using IBM Security Guardium 10.1 or a later release with Hortonworks Hadoop, you can configure an integration with Apache Ranger to collect auditing events even if SSL encryption is used in the cluster. Ranger is the component Hortonworks uses to control access and perform native auditing. The attached deployment guides provide step-by-step instructions for the configuration and deployment.
For 10.1.2, there is a user interface to help you configure the solution. Please choose the correct deployment guide for your release of Guardium.
- For Guardium 10.1
- For Guardium 10.1.2 and above (updated on September 6, 2017)
Two Hadoop auditing configuration settings are missing from the documentation.
Add the following steps to the install manual:
Configure the Ranger plugin to write audit logs to log4j
HDFS
In section "Custom ranger-hdfs-audit" add:
xasecure.audit.destination.log4j=true
xasecure.audit.destination.log4j.logger=xaaudit
Hive
In section "Advanced ranger-hive-audit.xml" add:
xasecure.audit.destination.log4j=true
xasecure.audit.destination.log4j.logger=xaaudit
Configuring Ranger using the Python scripts is recommended over configuring Ranger from the GUI.
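A check for the two settings above, as an added example that is not part of the IBM deployment guides: it reads a Hadoop-style XML configuration document and reports either setting that is missing or has a different value from the one given here. The `<configuration>`/`<property>` file layout, the function names and the sample file contents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The two settings this page says to add, with the values it gives.
REQUIRED = {
    "xasecure.audit.destination.log4j": "true",
    "xasecure.audit.destination.log4j.logger": "xaaudit",
}

# Constructed sample files (not taken from a real cluster).
SAMPLE_HDFS = """<configuration>
  <property><name>xasecure.audit.destination.log4j</name><value>true</value></property>
  <property><name>xasecure.audit.destination.log4j.logger</name><value> xaaudit </value></property>
</configuration>"""

SAMPLE_HIVE = """<configuration>
  <property><name>xasecure.audit.destination.log4j</name><value>false</value></property>
</configuration>"""


def load_properties(xml_text):
    """Parse a <configuration> document into a name -> value dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            # Keep the last occurrence when a name is repeated.
            props[name] = (prop.findtext("value") or "").strip()
    return props


def check_audit_config(xml_text):
    """Return a list of findings; an empty list means both settings match."""
    props = load_properties(xml_text)
    findings = []
    for name, expected in REQUIRED.items():
        actual = props.get(name)
        if actual is None:
            findings.append(f"missing: {name}")
        elif actual != expected:
            findings.append(f"wrong value: {name}={actual!r}, expected {expected!r}")
    return findings


if __name__ == "__main__":
    for label, text in (("hdfs", SAMPLE_HDFS), ("hive", SAMPLE_HIVE)):
        print(label, check_audit_config(text) or "OK")
```

Running the same check against the audit configuration on each node after deployment shows where a setting was not applied.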
Document Information
Modified date:
16 July 2018
UID
swg21987893