Viewing Audit Logs for File System, Table, and Stream Operations
Describes where MapR File System, MapR Database, and MapR Stream audit logs are stored and how to view them.
Operations on the MapR Data Platform file, database, and event data are captured and recorded in the audit logs. The operations take place within volumes and have effects at the level of the file system.
These audit logs are stored in a system volume created specifically to store them. This
volume is created automatically during cluster installations and upgrades. Operations
are logged on the nodes on which the operations are executed, which could differ from
the nodes where operations are initiated. Logs are stored in the file system at
/var/mapr/local/<node_name>/audit/
. By default, only root and the
cluster administrator (typically mapr
) can read the log files. To allow
other users to read the logs, set ACEs on the directory granting
readfile
(rf
), readdir
(rd
), and lookupdir
(ld
)
permissions to the users. For example:
~# hadoop mfs -setace -R -aces "rf:u:root|u:mapr|u:m7user1,rd:u:root|u:mapr|u:m7user1,ld:u:root|u:mapr|u:m7user1" /var/mapr/local/sample.qa.lab/audit/
Audit logs for operations on directories and files
Operations on directories and files, as well as the deletion of MapR Database tables, are logged in files that have this naming
convention: FSAudit.log.json-dd-mm-yyyy-<001-999>
To see what information is recorded in typical log entries, see Example Log Entries for Audited File System Operations.
Audit logs for operations on MapR Database tables and MapR Event Store For Apache Kafka
All operations on MapR Database tables and MapR Event Store For Apache Kafka are logged in files that have this naming
convention: DBAudit.log.json-dd-mm-yyy-<001-999>
Operations that result from maprcli commands, REST calls, or activity in MCS are also
logged in /opt/mapr/mapr-cli-audit-log/audit.log.json
on the local file
system of the nodes where the operations are processed.
To see what information is recorded in typical log entries, see Example Log Entries for Audited Operations on MapR Database Binary and JSON Tables.
FSAudit.log.json
, rather than in
DBAudit.log.json
.