Linux-UNIX: Validate and troubleshoot the Cloudera configuration

Check that the Cloudera configuration successfully captures traffic.

Procedure

  1. Go to the S-TAP Status Monitor page and verify that the S-TAP is still green. (Inspection engine verification is not supported for Hadoop sources, so that status is always Unverified.)
  2. Install a Guardium policy, or use the default policy. Then run some simple HDFS or Hive commands on the Cloudera cluster and check whether the traffic appears in a report or, after a bit of time, in the investigation dashboard.
  3. Troubleshooting: If you are not seeing traffic from Navigator, check the following:
    • In Cloudera Manager, verify that auditing is enabled for each service you want to monitor.
    • Is integration enabled? Check the S-TAP configuration to make sure that kafka_reader_enabled=1.
    • Are the Kerberos principal and path correct?
    • Are the Kafka bootstrap servers up and running?
    • If TLS is checked in the GUI, verify that Kafka is set up for TLS, and vice versa. Also verify that TLS on Kafka is not configured with client authentication required.
    • Double-check your Guardium policy to make sure you are logging the traffic you expect to see from Navigator.
    • Check your report to see if you have defined it correctly. (Server type group, now –n days, and so on.)
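
The integration, bootstrap-server and TLS checks from the troubleshooting list can be scripted; the following is an added example, not IBM or Cloudera code. It assumes the S-TAP configuration is read as key=value text and the bootstrap servers are given as host:port strings. The function names are hypothetical, and it does not test whether the broker requires client authentication.

```python
import socket
import ssl

# Constructed sample; only kafka_reader_enabled=1 comes from the page.
SAMPLE_CONFIG = "# constructed S-TAP configuration excerpt\nkafka_reader_enabled=1\n"

def reader_enabled(config_text):
    """True if the last uncommented kafka_reader_enabled assignment is 1."""
    value = None
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "kafka_reader_enabled":
            value = val.strip()
    return value == "1"

def probe_broker(host, port, timeout=5.0):
    """Return 'down', 'tls' or 'not_tls' for one Kafka bootstrap server."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"
    # Certificate validation is off on purpose: this only asks whether the
    # listener completes a TLS handshake; it does not authenticate the broker.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        return "not_tls"

def check(config_text, bootstrap_servers, tls_checked, timeout=5.0):
    """List mismatches between the S-TAP settings and what the brokers do."""
    findings = []
    if not reader_enabled(config_text):
        findings.append("kafka_reader_enabled is not 1")
    for server in bootstrap_servers:
        host, _, port = server.rpartition(":")
        state = probe_broker(host, int(port), timeout)
        if state == "down":
            findings.append(f"{server}: not reachable")
        elif (state == "tls") != tls_checked:
            findings.append(f"{server}: listener is {state}, GUI TLS={tls_checked}")
    return findings
```

An empty list from `check` means these three items are consistent; Kerberos, auditing, policy and report definitions still need to be reviewed by hand.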