Linux-UNIX: Install and configure S-TAPs

Install and configure S-TAPs for Ranger integration.

Before you begin

Review Linux-UNIX: Planning the integration with Hortonworks and Apache Ranger for information about S-TAP requirements and deployment options.

Procedure

  1. Install S-TAPs and enable them for the Ranger integration.
    You may need more than one S-TAP to handle the traffic, for example configure one S-TAP on the name node for HDFS, Hive and Kafka traffic and one S-TAP on the HBASE master node for all HBase traffic.
  2. Configure guard_tap.ini for auditing.
    1. Open guard_tap.ini in a text editor.
      You must edit the file directly, as there is no UI or GIM support for these settings.
    2. Add the parameters listed below.
      Update the values to reflect your system.
      ; Settings for log4j 
      logging log4j_reader_enabled=1 
      log4j_port=5555
      log4j_listen_address=0.0.0.0 
      ; Maximum number of connections to support from the log4j service
      log4j_num_connections=50
    3. Restart the S-TAP after updating any settings.

What to do next

Install Guardium and Ranger policies. For monitoring and auditing, there is virtually no difference in policy rules when using Ranger than when using standard S-TAP monitoring for Hadoop. For more information, see IBM Security Monitoring and Blocking for Hortonworks Hadoop Using Apache Ranger Integration.