This section covers the preparatory configuration: the Navigator auditing component,
verifying that TLS/SSL is configured correctly for Kafka, installing S-TAP on a
server
Procedure
Configure the Navigator auditing component.
If you do not already have Navigator configured to audit the supported services as normal,
without Guardium, refer to Cloudera documentation for more information about setting that up. Be
aware that you may need to specifically enable the configuration for each service, depending on the
level of Cloudera that you have. Solr auditing is disabled by default. You must enable it following
the instructions in the Cloudera documentation.
To get Impala traffic, you need to enable Impala Daemon auditing as described in the Cloudera
documentation. Here’s a screenshot from the Impala service configuration in Cloudera Manager that
shows Impala audit event generation is enabled.
Verify that TLS/SSL is configured correctly for Kafka.
The Kafka cluster you use for producing Cloudera audit events must not be configured with
required SSL client authentication. In Cloudera Manager, go
to Kafka > Configuration > SSL
client authentication and choose the none or requested radio button.
Install the S-TAP on the
designated server inside or outside of the Hadoop cluster.
Verify connectivity between the S-TAP and the
Guardium system. The S-TAP status should
be green in the S-TAP Status Monitor page. Go to
Manage > System View > S-TAP Status
Monitor.