Storing Ranger Audit Logs in Tencent Cloud ElasticSearch
最終更新日:2025-01-03 15:02:25
Prerequisites
1. Supports Ranger 2.1.0 and later versions, corresponding to EMR-2.7.0, EMR-3.2.1, and later.
2. Prepare a Tencent Cloud ElasticSearch cluster. For the creation process, see Creating ES cluster.
Capacity reference: Assuming the size of a single Hive SQL query is 1 KB, a single record will be approximately 20 KB, meaning 1 GB can store around 52,428 Hive SQL records.
3. Open port 9200 in the security group, allowing only private network access, requiring that the EMR cluster and ElasticSearch cluster are in the same VPC.
4. Example: Key information for the ElasticSearch cluster:
Username: elastic
Password: MyPassword
Private IP address: 10.206.48.118
Port: 9200
Protocol: http
EMR Console Directions
1. Log in to the EMR Console and go to Cluster Services > RANGER > Configuration Management > ranger-admin-site.xml file. Modify the configuration items as follows:
ranger.audit.source.type = elasticsearchranger.audit.elasticsearch.user = elasticranger.audit.elasticsearch.password = MyPasswordranger.audit.elasticsearch.urls = 10.206.48.118ranger.audit.elasticsearch.protocol = httpotranger.audit.elasticsearch.port = 9200ranger.audit.elasticsearch.index = ranger_auditsranger.audit.elasticsearch.bootstrap.enabled = true
2. Restart the Ranger service role EmbeddedServer.
3. Take HIVE as an example (other services are similar). Go to Cluster Services > HIVE > Configuration Management and modify the ranger-hive-audit.xml file with the following configuration, ensuring the values are consistent with those in the ranger-admin-site.xml file.
ranger.audit.source.type = elasticsearchranger.audit.elasticsearch.user = elasticranger.audit.elasticsearch.password = MyPasswordranger.audit.elasticsearch.urls = 10.206.48.118ranger.audit.elasticsearch.protocol = httpotranger.audit.elasticsearch.port = 9200ranger.audit.elasticsearch.index = ranger_auditsranger.audit.elasticsearch.bootstrap.enabled = true
4. Restart the HIVE role HiveServer2。
フィードバック