一、CM开启HBase审计日志
1. 配置hbase-site.xml
<!-- hbase-site.xml fragment: enables HBase authorization and loads the
     AccessController coprocessor on the master, the regions and the region
     servers. -->
<!-- NOTE(review): with "simple" authentication the user name is the one the
     client reports and is not cryptographically verified. The user recorded in
     the audit records, and the identity that grant/revoke rules are checked
     against, is therefore only as trustworthy as the clients. "kerberos" is the
     value that yields verified identities. -->
<property>
<name>hbase.security.authentication</name>
<value>simple</value>
</property>
<!-- Turns on permission checks; without this the AccessController does not
     enforce ACLs. -->
<property>
<name>hbase.security.authorization</name>
<value>true</value>
</property>
<!-- AccessController on the master: covers master-side operations. -->
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<!-- AccessController on every region: covers region-level operations. -->
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<!-- NOTE(review): hbase.rpc.engine / SecureRpcEngine dates from early HBase
     releases and is presumably ignored by the HBase shipped with CDH 6.x.
     Confirm against the installed version and drop it if unused. -->
<property>
<name>hbase.rpc.engine</name>
<value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>
<!-- AccessController as a region-server-level coprocessor. -->
<property>
<name>hbase.coprocessor.regionserver.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
2.配置log4j
# log4j settings that route HBase security/audit events to a dedicated rolling file.
# Comments must stay on their own lines: in a .properties file a trailing "#"
# would become part of the value.

# File name and rotation limits. 256MB x 20 backups caps retention at roughly
# 5 GB per host; RollingFileAppender discards the oldest file beyond that, so
# ship the log off-host if audit records must be kept longer.
hbase.security.log.file=SecurityAuth.audit
hbase.security.log.maxfilesize=256MB
hbase.security.log.maxbackupindex=20
# RFAS: the rolling file appender used only for the security logger.
log4j.appender.RFAS=org.apache.log4j.RollingFileAppender
log4j.appender.RFAS.File=${hbase.log.dir}/${hbase.security.log.file}
log4j.appender.RFAS.MaxFileSize=${hbase.security.log.maxfilesize}
log4j.appender.RFAS.MaxBackupIndex=${hbase.security.log.maxbackupindex}
log4j.appender.RFAS.layout=org.apache.log4j.PatternLayout
# Everything under the "SecurityLogger" category goes to RFAS at TRACE level.
log4j.category.SecurityLogger=TRACE,RFAS
# Record format: ISO-8601 timestamp, level, logger name, message.
log4j.appender.RFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
# additivity=false keeps these events out of the parent loggers' appenders,
# so they are written only to the audit file.
log4j.additivity.SecurityLogger=false
# TRACE on the AccessController logger is the most verbose level for its audit
# output; expect high log volume on a busy cluster.
log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=TRACE
# VisibilityController events are kept at INFO.
log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.visibility.VisibilityController=INFO
二、监控日志文件
在CM中找到活动master所在机器并连接
进入log文件夹:
# The path embeds the parcel version (CDH-6.2.1-1.cdh6.2.1.p0.1425774); adjust
# it to the parcel actually installed on the host.
cd /opt/cloudera/parcels/CDH-6.2.1-1.cdh6.2.1.p0.1425774/lib/hbase/logs
监控日志文件:
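# Follow the audit log by name rather than by file descriptor: the log4j
# RollingFileAppender renames SecurityAuth.audit when it reaches its size limit,
# and a plain "tail -f" would keep watching the renamed file and silently stop
# showing new audit records. -F reopens the file after each rollover.
tail -F SecurityAuth.audit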
三、HBase建表及权限操作
# Sample HBase shell session: DDL, writes and permission changes.
# Presumably each command is run while watching SecurityAuth.audit to see the
# record it produces (verify against the audit log).
hbase shell
# Create a table with one column family, then write two cells to it.
create 'logstash1','info'
put 'logstash1','1003','info:hbase','warn'
put 'logstash1','1005','info:hive','warn'
# NOTE(review): logstash2 and logstash3 are not created in this listing;
# presumably they already exist, otherwise these puts fail.
put 'logstash2','1013','info:hdfs','DEBUG'
put 'logstash3','1012','info:hbase','DEBUG'
# A table must be disabled before it can be dropped.
disable 'logstash1'
drop 'logstash1'
# List the tables in the 'default' and 'hbase' namespaces.
list_namespace_tables 'default'
list_namespace_tables 'hbase'
# Permission changes. '@default' addresses the namespace 'default'; a bare name
# such as 'logstash3' addresses a table.
revoke 'hadoop','logstash3'
revoke 'root','@default'
# RWXCA = Read, Write, eXec, Create, Admin on the namespace.
grant 'root','RWXCA','@default'
# NOTE(review): a later grant on the same scope appears to replace the earlier
# permission set rather than add to it, which would leave 'root' with W only.
# Confirm with the user_permission output below.
grant 'root','W','@default'
# Show the resulting ACLs for the table and for the namespace.
user_permission 'logstash3'
user_permission '@default'