Viewing Ranger Audit Information

Viewing Ranger Audit Information

1. Log in to the Ranger web UI as the Ranger administrator rangeradmin. For details, see Logging In to the Ranger Web UI.
2. Choose Audit to view the audit information. For details about each tab page, see Table 1. If there are a large number of audit records, you can filter them in the search box by keyword.

   Table 1 Audit information

   Tab	Description
   Access	Currently, MRS does not support online query of audit logs of component resources. You can log in to the component installation node and access /var/log/Bigdata/audit to view audit logs of each component. result: policy verification result. The value 0 indicates that the policy is rejected, and the value 1 indicates that the policy is approved. policy: ID of the applied policy. The value is the same as the value of Policy ID on the page. If the value is -1, no policy is matched. action: operation permission, which corresponds to the operation permission selected in Permissions for the policy. access: operation to be performed. Available values for each component are different.
   Admin	Audit information about operations on Ranger, such as creating, updating, and deleting security access policies, creating and deleting component permission policies, and creating, updating, and deleting roles.
   Login Sessions	Session audit information about users who log in to Ranger.
   Plugins	Component permission policy information in Ranger.
   Plugin Status	Audit information about synchronization of the permission policy of each component node.
   User Sync	Audit information about synchronization between Ranger and LDAP users.