com.cloudera.api.v4

Interface AuditsResource

All Known Subinterfaces:

AuditsResourceV10, AuditsResourceV8

public interface AuditsResource

Method Summary

Methods

Modifier and Type	Method and Description
ApiAuditList	readAudits(Integer maxResults, Integer resultOffset, String startTime, String endTime, String query) Fetch audit events from Cloudera Manager (CM) and CM managed services like HDFS, HBase, Impala and Hive.

Method Detail

readAudits

@Path(value="/")
ApiAuditList readAudits(Integer maxResults,
                           Integer resultOffset,
                           String startTime,
                           String endTime,
                           String query)

Fetch audit events from Cloudera Manager (CM) and CM managed services like HDFS, HBase, Impala and Hive.

By default, this call will fetch all audit events corresponding to a 1 day window based on provided end time (which defaults to the current CM server time). The startTime and endTime parameters can be used to control the window being queried.

Audit events for CM managed services are only retrieved if Cloudera Navigator server is running.

Parameters:

maxResults - Maximum number of audits to return

resultOffset - Offset of audits to return

startTime - Start of the period to query in ISO 8601 format (defaults to 1 day ago relative to endTime).

endTime - End of the period to query in ISO 8601 format (defaults to current time).

query - The query to filter out audits in the system. It accepts querying the intersection of a list of constraints, joined together with semicolons (without spaces). For example:

command==listStatus

looks for audits with listStatus command.

command==listStatus;username!=foo

looks for audits with listStatus command but excludes audits generated by foo username

command==listStatus;source==*oozie*

looks for audits with listStatus command and source that contains the string 'oozie'.

Following are valid selectors for the query (if applicable to the audit):

Selector	Description	SCM	HDFS	HBase	Hive	Impala
qualifier	Column qualifier			x
source	Source resource of the operation	x	x	x	x	x
hostIpAddress	Host IP Address	x
role	Cloudera Manager Role	x
service	Cloudera Manager Service	x	x	x	x	x
command	Operation name	x	x	x	x	x
username	User name	x	x	x	x	x
impersonator	Impersonator		x	x	x	x
family	Column family			x
table	Table name			x	x	x
database	Database name				x	x
ipAddress	IP Address		x	x	x	x
destination	Destination resource of the operation		x	x	x	x

The only supported operator is ";" (Boolean AND). Boolean OR is not supported.

The supported comparators are == and != Note that "LIKE" comparison is supported using the wild card syntax, for example foo==*value*. Asterisk is interpreted as a wild card character and must not be part of the value. (LIKE comparison queries are converted to standard SQL LIKE syntax, so any % (%25) character in a value that also contains a wild card will be interpreted as a wild card.)

Available since API v4.

Returns:

List of audits in descending order of timestamp