Audit Log Import and Review
Set up logs to roll daily
When creating a log file set the .ini file values below:
LogDirectory - the directory where the logs will be created
LogNamePattern - the fully qualifed path and name for the log files. The name should contain the %N pattern character to create unique names as the logs rollover
LogRotationInverval - set to 86400 to trigger the logs to roll over daily
LogRoatationSize - set to 2G to cause a roll over when the logs are very large daily
ServiceName - should be descriptive of the log process
ServiceType - set to logmonitor
SockPort - set the the port the appx engine will send the log information
The logs will automaticly roll over daily at the time the service is started (86400 seconds from when the ./appxAuditMgr -start <service name> is issued or the service is started from the operating system).
*Note: This feature does not appear to work at this time. The rollover will be done my a cron job that initiates a JOB in Appx that will roll the logs and import them.
Set up at the operating system
Install the logs-roll, logs-remove, and logs-compress files. These can be installed anywhere but a good location would be then $APPXPATH/../services directory. That location keeps all the log related items together in a common directory. These should be owned by root with the group set to appxgrp, and have the S bit set. The location path should be entered into the XML PARAM file.
Create a directory to store the logs. This should match the value set in the
LogDirectory set up in the .ini file mentioned above.This path should be entered into the XML PARAM file.
Create a directory to store the logs after they are imported and compressed. Enter this path into the XML PARAM file.
Place the script daily-audit-log-import.sh on the operating system. This script will start the Appx JOB to roll and import the logs. You may wish to create a scripts directory in the $APPXPATH/../ directory (at the same level as data and services) and place the script there. That way if the appx installation is moved the script would most likely move with it. Add an entry into the appx user's crontab to execute that script daily at a specified time.
Load the 1CH/vv and XML/vv applications into the APPX tree. A copy will need to be installed for each version where you want to have logging activated. Also load the data directories associated with the apps. Add the apps in System Administration and create files on each. Add the apps as related applications to your data base. Run Database Management for the apps to create the data files.
Logs should be separated by database. Each database will need to have a set of ports set up for logging that point to the location. The path for that location and the location to store the archived files need to be set up in the parameter file in each database.
--
GaryRogers - 2014-02-27