Skip to content

Ranger Audit Filters

Overview

Apache Ranger provides a comprehensive platform for capturing access audit history and generating detailed reports, with advanced filtering capabilities based on multiple parameters. The audit filter feature enables the customization of collected and displayed audit data. By configuring these filters, you can specify the types of events, resources, and users to include or exclude from the audit logs. This functionality allows for a more targeted approach to auditing, ensuring that only the most relevant data is captured while minimizing the volume of generated logs.

Ranger audit filters configuration

In the Edit Service view, audit filters are presented as rows under the Audit Filter section. The configuration of these rows collectively defines the audit log policy for the corresponding service.

Steps to Configure Audit Filters

  1. In the Privacera Portal UI, navigate to Access Management > Resource Policies, and click Add New Service or Edit an existing service.
  2. On the Create/Edit Service page, scroll down to the Audit Filters section
  3. Ensure that the Customize Audit Filter option is checked.
  4. Optionally, define any of the following parameters to include in the filter definition:
  5. Is Audited: Specifies whether audit logs are stored.
    • Is Audited=Yes: Stores audit records in the defined audit destination.
    • Is Audited=No: Does not store audit records.
  6. Access Results: Filter by access results.
    • Denied: Filter access=denied.
    • Allowed: Filter access=allowed.
    • Not Determined: Filter all access results.
  7. Select Resource: Use Resource Details to include or exclude specific resources such as databases, tables, or columns.
  8. Operations: Select specific operations to filter.
  9. Permissions: Select specific permissions to filter.
  10. Select Role: Select specific roles to filter.
  11. Select Role: Select specific roles to filter.
  12. Select User: Select specific users to filter.
  13. Click Save.

Example of Audit Filter Configuration

Here is an example of default filter for privacera_hive service.

Privacera_hive Default Audit Filter

  1. Audits with Denied access results are stored.
  2. Audits with Operation METADATA_OPERATION are not stored.
  3. Audits with the operation SHOW_ROLES from users hive and hue are not stored.

With the above configuration, only the audit logs that meet the specified criteria will be stored.

Comments