This article explains the steps required to enable audit log for HiveServer2, so that all queries run through HiveServer2 will be audited into a central log file.
Please follow the steps below:
- Go to Cloudera Manager home page > Hive > Configuration
- Tick “Enable Audit Collection”
- Ensure “Audit Log Directory” location point to a path that has enough disk space
- Go to Cloudera Manager home page > click on “Cloudera Management Service” > Instances
- Click on “Add Role Instances” button on the top right corner of the page
- Choose a host for Navigator Audit Server & Navigator Metadata Server
- Then follow on screen instructions to finish adding the new roles
- Once the roles are added successfully, Cloudera Manager will ask you to restart a few services, including Hive
- Go ahead and restart Hive
After restarting, Hive’s audit log will be enabled and logged into /var/log/hive/audit directory by default.
Please note that you are not required start Navigator services, so if you don’t need them running, you can just leave them at STOP state, the Hive’s audit logs should still function as normal. However, it is a requirement to have Navigator installed for the audit log to function properly, as there are some libraries from Navigator are required for audit to work.