Question & Answer
Question
According to the official IBM Security Guardium documentation, when performing the Hadoop integration using Hortonworks and Apache Ranger, the Hadoop administrator must set up a list of parameters in the log4j configuration to complete the integration.
One of these parameters is "log4j.appender.guardlistener.RemoteHost".
Consider an environment where 2 S-TAPs are deployed:
- one monitoring HBase traffic, and
- the other monitoring everything else.
Given the above conditions, the following question arises:
Where should the "log4j.appender.guardlistener.RemoteHost" parameter point: localhost, the host where the S-TAP is installed (and if so, which one or ones), or the Collector?
Cause
The question is particularly relevant when the integration is performed with the Guardium Python script, and may become a concern when multiple S-TAP hosts are used depending on the type of traffic.
Answer
The most important thing to remember in a Hadoop integration with multiple S-TAP hosts is that the log4j configuration is per Hadoop service, NOT per Hadoop cluster.
For example, with two S-TAPs (A and B), if you want HBase traffic to go to S-TAP "A" and all other traffic to go to S-TAP "B", specify the remote host log4j parameter as "A" when configuring HBase and as "B" when configuring all other services.
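One way to check the per-service setting described in the answer, as an added example that is not part of the IBM documentation or the Guardium script. The service names, the hostnames `stap-a.example.com` and `stap-b.example.com`, and the sample log4j text are constructed assumptions; only the parameter name comes from this page.

```python
import re

KEY = "log4j.appender.guardlistener.RemoteHost"  # parameter named on this page

def read_remote_host(properties_text):
    """Return the effective RemoteHost in one service's log4j properties, or None."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or properties comment
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2 and parts[0] == KEY:
            value = parts[1]                     # a later duplicate replaces an earlier one
    return value or None

def audit(service_configs, expected):
    """Map each service to 'ok', 'missing', or a mismatch description."""
    findings = {}
    for service, text in service_configs.items():
        actual = read_remote_host(text)
        want = expected.get(service, expected["*"])   # "*" stands for all other services
        if actual is None:
            findings[service] = "missing"
        elif actual.lower() != want.lower():
            findings[service] = f"mismatch: {actual} (expected {want})"
        else:
            findings[service] = "ok"
    return findings

# Constructed sample: log4j text as it might be exported for each Hadoop service.
SAMPLE = {
    "hbase": "# HBase log4j\nlog4j.appender.guardlistener.RemoteHost=stap-a.example.com\n",
    "hdfs": "log4j.appender.guardlistener.RemoteHost = stap-b.example.com\n",
    "hive": "log4j.appender.guardlistener.RemoteHost=stap-a.example.com\n",
    "yarn": "# guardlistener appender not configured\n",
}
# Intended routing from the answer: HBase to S-TAP A, everything else to S-TAP B.
EXPECTED = {"hbase": "stap-a.example.com", "*": "stap-b.example.com"}

if __name__ == "__main__":
    for service, result in audit(SAMPLE, EXPECTED).items():
        print(f"{service:6} {result}")
```

In the sample, `hive` is reported as a mismatch because its value matches the HBase S-TAP rather than the one for all other services, and `yarn` is reported as missing.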
Related Information
Product: IBM Security Guardium
Component: Hadoop S-TAP, S-TAP, Collector
Platform: Linux
Version: All Versions
Business Unit: IBM Software w/o TPS (BU059)
Line of Business: Security Software (LOB24)
Document Information
Modified date:
09 January 2019
UID
ibm10794345