Skip to content

AuditServer with Kafka#

This topic covers how you can configure Kafka audit endpoint in AuditServer for the Ranger plugin to send the audits.

Prerequisites

Ensure the following prerequisites are met:

  • AuditServer must be configured. For more information, click here.

Configuration

  1. SSH to an instance as ${USER}.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.auditserver.kafka.destination.yml config/custom-vars/
    vi config/custom-vars/vars.auditserver.kafka.destination.yml
    
  3. Modify the properties. For property details and description, click here.

    AUDITSERVER_KAFKA_DESTINATION: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_BROKER_LIST: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_TOPIC_NAME: " <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SECURITY_PROTOCOL: "  <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SSL_KEYSTORE_LOCATION: "  <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SSL_KEYSTORE_PASSWORD: "  <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SSL_KEY_PASSWORD: "   <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SSL_TRUSTSTORE_PASSWORD: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SASL_JAAS_CONFIG: "   <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SASL_MECHANISM: " <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS: "  <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_OAUTH_TOKEN_ENDPOINT_URI: "   <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_OAUTH_WITH_SSL: " <PLEASE_CHANGE>"
    AUDITSERVER_OAUTH_ACCEPT_UNSECURE_SERVER: " <PLEASE_CHANGE>"
    AUDITSERVER_OAUTH_LOGIN_GRANT_TYPE: "   <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_OAUTH_CLIENT_ID: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_OAUTH_CLIENT_SECRET: "    <PLEASE_CHANGE>"
    AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR:  "/workdir/privacera-audit-server/kafka-spool"
    
  4. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Last update: July 23, 2021