Install and configure S-TAPs for Ranger integration.
Procedure
-
Install S-TAPs and enable them for the Ranger integration.
You may need more than one S-TAP to handle the traffic, for example configure one S-TAP on the
name node for HDFS, Hive and Kafka traffic and one S-TAP on the HBASE master node for all HBase
traffic.
-
Configure guard_tap.ini for auditing.
-
Open guard_tap.ini in a text editor.
You must edit the file directly, as there is no UI or GIM support for these settings.
-
Add the parameters listed below.
Update the values to reflect your
system.
; Settings for log4j
logging log4j_reader_enabled=1
log4j_port=5555
log4j_listen_address=0.0.0.0
; Maximum number of connections to support from the log4j service
log4j_num_connections=50
-
Restart the S-TAP after updating any settings.
What to do next
Install Guardium and Ranger policies. For monitoring and auditing, there is virtually no
difference in policy rules when using Ranger than when using standard S-TAP monitoring for
Hadoop. For more information, see IBM
Security Monitoring and Blocking for Hortonworks Hadoop Using Apache Ranger
Integration.