MapR 5.1 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.1 Reference
This section provides information about development content including MapR-FS and MapReduce development topics and reference content.
Reference Guide
maprcli and REST API Syntax
audit
Describes commands used to audit operations related to cluster management and data access.
audit data
Enables and disables auditing of filesystem and table operations.

MapR 5.1 Documentation

5.1 Reference
This section provides information about development content including MapR-FS and MapReduce development topics and reference content.
- Development Guide
- Reference Guide
  - MapR Control System
  - Hadoop Commands
  - HBase Shell for MapR-DB
    You can manage MapR-DB tables using HBase shell commands and additional HBase shell commands included in the MapR distribution of Hadoop.
  - YARN commands
  - maprcli and REST API Syntax
    - Overview
      Each command reference page includes the command syntax, a table that describes the parameters, and examples of command usage.
    - acl
      Describes the acl commands used to access control lists (ACLs).
    - alarm
      Describes the alarm commands that perform functions related to system alarms.
    - audit
      Describes commands used to audit operations related to cluster management and data access.
      - audit cluster
        Enables and disables auditing of operations that are related to the administration of a MapR cluster.
      - audit data
        Enables and disables auditing of filesystem and table operations.
      - audit info
        Displays whether auditing of cluster-management operations and auditing data-access operations are enabled. Also, displays the maxSize and retention values for these two levels of auditing.
    - blacklist
      Describes commands used to blacklist and to list blacklisted users.
    - cluster
      Manages cluster features, gateways, and cluster-wide settings.
    - config
      Manages configuration values for the MapR cluster.
    - dashboard info
      Displays a summary of information about the cluster.
    - dialhome
    - disk
      Describes command for working with disks.
    - dump
      Returns key information about volumes, containers, storage pools, and MapR cluster services for debugging and troubleshooting.
    - entity
      Manages entities (users and groups).
    - fid
      Displays information about MapR-DB or file-system components that are identified by a FID.
    - job
      Manages Hadoop jobs running on the cluster.
    - license
      Manages MapR licenses.
    - nagios generate
      Generates a Nagios Object Definition file that describes the cluster nodes and the services running on each.
    - nfsmgmt
      Refreshes NFS exports and server cache.
    - node
      Manages nodes in the cluster
    - rlimit
      Manages resource usage limits for the cluster.
    - schedule
      Manages schedules.
    - service list
      Lists all services on the specified node, the memory allocated for each service, the state of each service, and log path for each service.
    - setloglevel
      Sets log level on individual services.
    - stream
      Manages stream functionality.
    - table
      Performs functions related to MapR-DB tables.
    - task
      Manipulates information about the Hadoop jobs that are running on your cluster.
    - trace
      Lets you view and modify the trace buffer, and the trace levels for the system modules.
    - urls
      Displays the status page URL for the specified service.
    - virtualip
      Manages virtual IP addresses for NFS nodes.
    - volume
      Manages volumes, snapshots and mirrors.
  - Alarms Reference
  - Utilities
  - Default MapR Configurations
  - Configuration Files
  - MapR Environment
  - MapR Parameters
  - Best Practices
  - Language Support for MapR-DB Tables
  - Glossary
    This section contains defintions for commonly used terms in MapR Converged Data Platform environments.
  - Source Code for MapR Software
- Glossary
  This section contains defintions for commonly used terms in MapR Converged Data Platform environments.

audit data

Enables and disables auditing of filesystem and table operations.

For a list of these operations, see Auditing of Filesystem Operations and Table Operations.

Only the mapr user for the cluster can run this command. For more information about the mapr user, see Managing Users and Groups.

Syntax

CLI

maprcli audit
[ -cluster cluster_name ] 
[ -enabled <true | false> ]
[ -maxsize <GB> ]
[ -retention <number of days> ] 
[ -coalesce <number of minutes> ]

REST

http[s]://<host>:<port>/rest/audit/data?enabled=<true | false>&maxSize=<GB>&retention=<number of days>

Parameters

Parameter	Description
cluster	The path and name of a remote MapR cluster.
enabled	The value `true` enables auditing, the value `false` disables it.
maxsize	The size in GB at which an alarm is sent to the dashboard in the MapR Control Service. The alarm is to notify the cluster administrator that the audit log is becoming large enough that the administrator might want to take action. For more information about this parameter, the alarm, and possible actions to take, see Managing Audit Logs for Filesystem and Table Operations. The audit log continues to grow until the administrator takes action or until the retention period ends. The default value is 32.
retention	The period of time in days for which to keep the data in the audit log for the data access. After this period elapses, the content of the file is deleted and new entries are added to the file until the next retention period elapses.
coalesce	Sets an interval during which READ, WRITE, or GETATTR operations on one file from one client IP address are logged only once. For example, suppose that a client application reads a single file three times in 6 minutes, so that there is one read at 0 minutes, another at 3 minutes, and a final read at 6 minutes. If the coalesce interval is at least 6 minutes, then only the first read operation is logged. However, if the interval is between 4 minutes, then only the first and third read operations are logged. If the interval is 2 minutes, all three read operations are logged. You can set this interval on individual volumes. The default value is 60 minutes. Setting this field to a larger number helps prevent audit logs from growing quickly.