Lab 1: Auditing Dashboard

/

Scenario

View auditing health status
View and change auditing configuration
/

Objectives

In this lab, you will:
Learn how to use Auditing Dashboard
Learn how to detect problems and troubleshoot auditing
Learn to identify incorrectly configured client auditing
Properly configure client auditing
Learn to identify servers with auditing events in the queue
Configure the location of auditing temporary files
Configure ADS
Configure older events auto-deletion
Change auditing level
Enable and disable auditing events
Enable and disable auditing event details

Before you start this lab, please make sure to view the available auditing presentations and documents. It is important to fully understand the information described in the presentations and auditing documents BEFORE you start this workshop.

Perform the following steps as described in order:

Auditing Dashboard

  1. Login to the CMC as your train-XX user.
  2. Navigate to the Auditing tab. This takes you to the Auditing Dashboard, which is the central location to configure auditing for the entire system. It is also a central place to see the status of auditing.

Checking auditing status

/

Scenario

View auditing health status
/

Objectives

Learn how to use the Status Summary section of Auditing Dashboard
Learn how to detect problems and troubleshoot auditing
  1. Notice the Status Summary area of the Auditing Dashboard. Ensure that no warnings are displayed.
  1. Ensure that the ADS Last Updated On field shows a recent timestamp (for example not older than 10 minutes ago). This field indicates when the last polling interval started. Events newer than this time are not loaded in ADS yet. If the timestamp is older than 2 hours then the field appears on a yellow background.
    If this state persists and you consider the delay too long, either update your deployment to allow the ADS database to receivedata at a higher rate (faster network connections or more powerful databasehardware for example), or decrease the number of auditing events yoursystem tracks.
    Note: You can get the exact date/time up to which all events are loaded into ADS. Use values stored in ADS as follows:
    ADS_Auditee (for values specific to auditee): Retrieved_Events_Completed_By and Potentially Incomplete Data columns.
    ADS_Cluster (for cluster level values): Retrieved_Events_Completed_By and Potentially Incomplete Data columns.
    Please see the Auditing documentation for more information.
  2. Click the Refresh button. Repeat once every 30 seconds until you notice a change in the timestamp.
  1. Notice the Auditing Thread Utilization (%) field. It shows the percentage of the polling cycle the auditor CMS spends collecting data from auditees. The remainder is time spent resting between polls.
    If the utilization reaches 100%, the figure is displayed in yellow. Thismeans that the auditor is still collecting data from the auditees when the next poll is due to begin. This may cause delays in the events reaching the ADS.
    If the utilization reaches 100% frequently or persistently, it is recommendedto either update your deployment to allow the ADS database to receive data at a higher rate (faster network connections or more powerful database hardware for example), or decrease the number of auditing events your system tracks.
  2. Notice the Last Polling Cycle Duration (seconds) field.This shows the duration of the last polling cycle in seconds. This indicates the maximum delay for event data to reach the ADS during the previous polling cycle. If the value is under 20 minutes then it appears on a green background, between 20 and 120 minutes on a yellow background, and over 2 hours on a red background.

  1. Ensure that a CMS server name follows the CMS Auditor field in the Status Summary area.This indicates that CMS successfully connects to ADS. If this field is empty it indicates that the CMS auditor is not properly configured and it will not collect auditing events. Usually if the CMS Auditor field is empty it indicates an issue with ADS database configuration.
    Later in this lab you will learn about ADS configuration. For now remember that if this field is empty it means there are no auditors in the cluster and no auditing events are collected from auditees. If you need auditing then this situation must be fixed.
  2. Ensure that in the Status area,ADSDatabase Connection Namepoints to your local auditing DB.

Client auditing troubleshooting and configuration

/

Scenario

Properly configure client auditing
View client auditing health status
/

Objectives

In this section, you will:
Learn to identify incorrectly configured client auditing
Properly configure client auditing
  1. To enable client auditing (events sent by clients) you must have at least one Adaptive Processing Server (“APS”) with Client Auditing Proxy Service (“CAPS”).
    General recommendation (not to be executed in this lab): For high availability and load balancing it is highly recommended to have at least 2 APS servers with CAPS services, with each APS to be hosted on a different machine to minimize the effect of hardware failure. It is critical to have at least one CAPS always available, otherwise client events will be lost. Also make sure that each APS request port is open in the firewall between clients and APS to allow client events to be delivered to CAPS. Also the CMSs ports must be open in the firewall between CMSs and clients.
    The preinstalled APS hosts CAPS. Instead of using a pre-installed APS with CAPS, it is recommended to create a new APS dedicated only to Client Auditing Proxy Service (CAPS). This will significantly improve performance and high availability.
  2. From the CMC Server Management page stop theAdaptiveProcessingServer.
  3. Navigate to the CMC Auditing dashboard. Notice the following warning: Warning: Client auditing is unavailable.This indicates that events from clients currently cannot be received(such as InfoView, CMC, Web Intelligence Rich Client and so on) and will be lost.

  1. Start the AdaptiveProcessingServer.
  2. After the server starts, navigate to the Auditing Dashboard.

Notice that the “Client auditing is unavailable” message no longer appears.

  1. Return to the Server Management page.
  2. Right-click the Adaptive Processing Serverand select Metrics.
    Notice that in theClient Auditing Proxy Service Metrics section there is a new metric labelled Number of Audit Events Received Since Server Startup. It shows how many client events were routed through this Client Auditing Proxy Service. On a busy system and on a long running server this number would not be 0.
  3. Right-click theCentral Management Server and selectMetrics.
    Notice the Current Number of Auditing Events in the Queuemetric. This shows the number of events in the server queue. Other servers supporting auditing have similar metrics. Do not stop servers until this metric reaches 0, otherwise you will get some events stuck in the server queue. They will not reach ADS until after the server is started again. In this case the following warning will be displayed on auditing dashboard:“ Warning: Auditing data remaining in server buffers”.

ADS configuration and troubleshooting

/

Scenario

View auditing database connection health status
View and change auditing configuration
/

Objectives

Detect problems with ADS connection
Configure ADS
  1. Navigate to the Auditing tab of the CMC.
  2. Check the database currently used for the ADS. In the Status Summary area notice the ADS Database Connection Name and ADS Database User Name. If these values are empty then CMS cannot connect to ADS.
    Ensure that the DB used is the one you expect to be used:

ADS Database Connection Name: “BusinessObjects Audit Server 140”

ADS Database User Name: “XXXX” (the password you enter during installation)

  1. Notice the Configurationarea as shown on screenshot.

  1. Modify the Connection Name to an invalid DB name to see what happens if you point to non- existing ADS, then click Save.

Note: you do not change the ADS DB password, but if you accidently change it, reset it to the “XXXX” (the password you enter during installation).

Notice the following warning:

  1. Go to the CMC Server tab and select Servers List.

Notice that the Central Management Serverhas a Stale flag, meaning that it requires restart.

  1. Restart theCentral Management Server.If you have multiple CMSs, make sure that all CMSs are restarted.Wait for the server to restart.
  2. Go to the Auditing tab.

In Status Summaryarea notice a warning that no CMS is configured as an auditor.

Also in Status Summary area notice that theADS Database Connection Name and ADS Database User Name are empty. This indicates that CMS cannot connect to ADS.

Note: you may experience the same warning / situation when ADS DB user’s password has changed but wasn’t updated in CMC.

  1. Set the ADS Database Connection back to a valid value:BusinessObjects Audit Server 140
  2. Click Save.
  3. Restart the CMS.
  4. After the CMS has restarted, return to the Auditing tab and check the database currently used for ADS.Ensure that in the Status Summary area the ADS used is the one you expect to be used:

ADS Database Connection Name: BusinessObjects Audit Server 140

ADS Database User Name: “XXXX” (the password you enter during installation)

Auto delete configuration

/

Scenario

You want to limit the number of events in ADS by changing auditing events auto-delete interval.
/

Objectives :

Learn how configure older events auto-deletion
  1. Notice the Delete Event Older than (days)property.

This property controls how long the events are kept in the ADS.

CMS will periodically (once each 24 hours) delete events older that the values specified in this property. This deletion is performed at the time determined by the CMS (not configurable, like garbage collection in Java) and may take some time if large amount of data needs to be deleted.By default the Delete Event Older than (days) setting is for approximately100 years.The maximum acceptable value is equivalent to about 300 years.

Temp files location configuration

/

Scenario

Change the location where temporary auditing files are saved.
/

Objectives

Learn how to configure the location of auditing temporary files

To change the location where the auditee writes temporary auditing files, perform the following workflow on each node.

Note that if at the time of the change the old location had any temporary auditing files then the system moves them to the new folder automatically.

  1. Navigate to the Servers tab in the CMC.
  2. In left pane select Nodes. Right-click the node in the right pane.

  1. From the menu select Placeholders.

  1. Notice the %DefaultAuditingDir% placeholder.This placeholder controls the location where temporary auditing events are stored.

  1. Change the %DefaultAuditingDir% placeholder toC:/Program Files (x86)/SAP BusinessObjects/SAP BusinessObjects Enterprise XI 4.0/TempAuditing/. The CMS will create this folder. No server restart is required. If at the time of the change the old location had any temporary auditing files then the system automatically moves them to the new folder.
  2. Click Save & Close.
  3. In Windows Explorer (file manager) navigate to C:/Program Files (x86)/SAP BusinessObjects/SAP BusinessObjects Enterprise XI 4.0/TempAuditing/.
  4. Logout of the CMC and login again to cause events to be triggered.
  5. Immediately go tothe Windows Explorer window and click refresh to refresh the content of the C:/Program Files (x86)/SAP BusinessObjects/SAP BusinessObjects Enterprise XI 4.0/TempAuditing/ folder. Notice that a new auditing temp fileis created.

If you do not see the file it may be because CMS just picked it up after you’ve triggered the event (by logging into CMC) and before you managed to refresh Windows Explorer. In this case repeat two previous steps.

Note: Always make sure that the Default Auditing Directory folder is located on a local high speed drive. Never configure the folder to be located on a RAM disk (volatile memory) because events could be lost if the machine crashes or reboots.

Changing the auditing level

/

Scenario

You want to:
Enable or disable auditing level, events, and event details.
/

Objectives

Change auditing level
Enable and disable auditing events
Enable and disable auditing event details
  1. Login to the CMC as Administrator and navigate to the Auditing tab.
  2. Change the auditing level to Custom. In the Set Events area change the auditing level to Custom by moving the slider to Custom and clicking Save.With the Custom setting you can enable and disable individual events.
  1. In the Common Events area enable the Trigger event and disable the Logout event. Click Save.
  2. In the Set Event Details area, enable all event details. Click Save.

End of lab

© SAP AG 2011 SAP BusinessObjects / Page 1