gateway audit logs feature update

Author: hrasheed-msft

articles/hdinsight/domain-joined/hdinsight-security-overview.md

@@ -48,7 +48,7 @@ Auditing of all access to the cluster resources, and the data, is necessary to t
 
 The admin can view and report all access to the HDInsight cluster resources and data. The admin can also view and report all changes to the access control policies created in Apache Ranger supported endpoints. 
 
-To access Apache Ranger and Ambari audit logs as well as ssh access logs, [enable Azure Monitor](../hdinsight-hadoop-oms-log-analytics-tutorial.md) and view the related auditing records.
+To access Apache Ranger and Ambari audit logs as well as ssh access logs, [enable Azure Monitor](../hdinsight-hadoop-oms-log-analytics-tutorial.md#cluster-auditing) and view the tables that provide auditing records.
 
 ### Encryption
 

articles/hdinsight/hdinsight-hadoop-oms-log-analytics-tutorial.md

@@ -105,6 +105,15 @@ Because the cluster is a brand new cluster, the report doesn't show any activiti
 
 Azure monitor also supports collecting and analyzing performance metrics for the nodes in your cluster. For more information on enabling and configuring this feature, see [Linux performance data sources in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/data-sources-performance-counters#linux-performance-counters).
 
+## Cluster auditing
+
+HDInsight support cluster auditing with Azure Monitor logs, by importing the following types of logs:
+
+* `log_gateway_audit_CL` - this table provides audit logs from cluster gateway nodes that show successful and failed login attempts.
+* `log_auth_CL` - this table provides SSH logs with successful and failed login attempts.
+* `log_ambari_audit_CL` - this table provides audit logs from Ambari.
+* `log_ranger_audti_CL` - this table provides audit logs from Apache Ranger on ESP clusters.
+
 ## Next steps
 
 * [Query Azure Monitor logs to monitor HDInsight clusters](hdinsight-hadoop-oms-log-analytics-use-queries.md)