Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/IT Desktop Management 2 Overview and System Design Guide

2.10.2 Managing operation logs on the management server

Operation logs collected on a computer managed online are stored in an operation log backup folder via the management server. By restoring the operation logs to a database on the management server, you can view the operation logs from the Operation Logs view of the Security module.

[Figure]

Storing the operation logs on the management server

The operation logs collected on the management server are stored in an operation log backup folder. If automatic restoration of operation logs is enabled, the operation logs are automatically restored to the operation log database. To view the operation logs stored in the backup folder, restore them from the backup folder to the database.

Operation logs collected on the management server are saved in the database for about one month. The operation logs that are older than about one-month-old are automatically deleted from the database.

Note that if automatic backup of operation logs has been configured in Setup, operation logs are automatically backed up every day. You can view the backup operation logs by temporarily restoring them from the backup folder to the database. After deleting the restored operation logs, you can restore the operation logs for a different time period to the database. This enables you to view past operation logs.

Important note

If operation logs have not been collected on the management server, the Operation Logs view is not displayed.

Tip

We recommend that you use high-capacity drives, such as RAID or NAS, for the backup folder because large amounts of data might be stored in the backup folder over a long period of time.

Storing the operation logs on a user's computer

You can store operation logs for a certain amount of time on a user's computer in case the computer fails to connect to the management server. You can specify a time period to keep the operation logs in the security policy. Operation logs that are not sent to the management server are temporarily saved on the computer, and resent to the management server at the time specified by the security policy.

The operation logs can easily become large amounts of data. Therefore, set the time period for which the operation logs are kept after calculating the required disk capacity, based on the following formula:

260 x Time period (days) = Required disk capacity (KB)

Note: The required disk capacity varies depending on the acquired operation log items and user operations.

Important note

If processing is interrupted while the computer is communicating with the management server, some operation logs might be duplicated because the same data is notified at the next connection.

Related Topics:

Organization of this subsection

(1) Backing up and restoring operation logs on the management server

If the management server is configured to back up operation logs, you can collect a history of user operations as operation logs, and save them in an operation log backup folder.

[Figure]

Operation logs are collected from agent-installed computers at an interval specified by the security policy. The collected operation logs are accumulated in a data folder, and then stored in an operation log backup folder. You can also automatically restore collected operation logs to the operation log database.

The operation logs that have been restored to the operation log database can be viewed in the Operation Logs view in the Security module. To check past operation logs, restore them to the database, and then view the past operation logs in the Operation Logs view. You can clear the data in the database for restoration if you no longer need to view the data.

Note that backing up or restoring databases using Database Manager does not back up or restore the operation log database. You must back up or restore the operation log data manually.

Important note

When the management server has been configured in Setup so that operation logs are not collected, even if you enable collection of operation logs in a security policy, the operation logs collected from a computer are not saved.

Important note

Operation logs collected from a computer are not saved if the operation date and time of the operation logs is before the year 2000, or after more than 7 days from the current time on the management server.

To Page Top

(2) Backing up operation logs on the management server

Operation logs collected from computers are accumulated in a data folder and stored in the operation log backup folder once an hour.

Data to be backed up

Backup files for operation logs grouped by date with each group stored in a date folder, and stored in the Operations log backup folder specified during the Setup.The format of the date folder is OPR_DATA2_YYYYMMDD.

Size required for backup

The following conditions are used as guides to explain how to calculate the size required for backing up operation logs.

Note: All the above conditions are set as guides.

Size of operation log data

Size of operation log data per machine: 2,000 (logs) x 500 (bytes) = about 1 (MB)

Size of operation log data for 10,000 machines: 1 (MB) x 10,000 (machines) = 10 (GB)

Size of operation log data for 10,000 machines for one month (20 business days): 10 (GB) x 20 (days) = about 200 (GB)

Size of backup file data

Size of backup file data per machine: 1 (MB) x 6.7% = about 67 (KB)

Size of backup file data for 10,000 machines: 67 (KB) x 10,000 (machines) = about 670 (MB)

Size of backup file data for 10,000 machines for one month (20 business days): 670 (MB) x 20 (days) = 13.4 (GB)

Thus, you can calculate the sizes of operation log data and backup file data. Secure the free space for the database and for the backup-destination drive, considering the number of managed computers and the collection period of the operation logs.

Mail notification about free space shortage

You can configure to receive a mail notification when the free space on the backup destination is insufficient. The following are the triggers for mail notification:

Backup fails

If backup fails due to a shortage of the backup-destination drive capacity, a Critical error event is displayed in the Events module. In this case, a mail notification is automatically sent if mail notification of such events has been set.

Periodic monitoring detects free space shortage

If free space on the backup-destination drive is insufficient, an error event is displayed in the Events module. In this case, a mail notification is automatically sent if mail notification of such events has been set. Note that you can change the threshold value to output the insufficient free-space event by editing the properties of the configuration file. For properties of the configuration file, see A.5 Lists of properties.

To Page Top

(3) Restoring operation logs to the management server

To view operation logs, you need to restore them to the operation log database. You can restore operation logs automatically or manually.

Tip

The maximum number of days of operation logs that can be restored to the database can be configured in the management server setup. The maximum is 500 days.

Automatic restoration

Operation logs are automatically restored according to the storage period specified in the Operation Log Settings in the Settings module.

On average, a managed computer generates 2,000 operation logs per day. Restoring an excessive amount of operation logs might overload the system. To prevent system overload, we recommend that you limit the types of operation logs to be collected, or reduce the number of managed computers.

Use the following formula as a guideline for an operation that does not overload the system:

Number of managed computers x 2,000 logs x Period for storing automatically restored operation logs (days) x x < 300,000,000

x: A coefficient depending on the collected operation log items. Specify the sum of the following items to be collected:

This calculation is not necessary for non-bulky operation log types including power-on/shut-down, logon/logoff, file operations via a network, and print operation.

For example, if you want to collect operation logs for web accesses and window operations for 10,000 managed computers, the storage period is as follows:

10,000 computers x 2,000 logs x Period for storing automatically restored operation logs (days) x 0.66 < 300,000,000

Period for storing automatically restored operation logs (days) = 22.7 days ≈ about 1 month (20 business days per month)

Manual restoration

You can restore operation logs by specifying a time period that includes the operation log you want to investigate. You can also specify the target computer you want to restore operations logs from,

Important note

The backup files in the operation log backup folder are stored, based on the time zone on the management server. Therefore, if different time zones are used between the management server and the computer running the web browser, you must use the time zone on the management server when you specify a period for manual restoration of operation logs.

Important note

The data that appears when you place a mouse cursor over a date on the time chart in the Operation logs view in the Security module are the status and the number of operation logs. Therefore, if different time zones are used between the management server and the computer running the web browser, the number of operation logs displayed on the tool tip and the number of operation logs filtered by a date might differ.

Important note

Depending on the environment, it might take two or more hours to restore 3 months of operation logs for 200 computers. To reduce the time required for restoration, narrow the scope of restoration.

To Page Top

(4) Periodically exporting operation logs

You can export collected operation logs in a CSV format when you want to save them in a CSV file, or import them to other systems. In the Operation Log Settings view in the Settings module, select the Periodically export operation logs. check box to export the operation logs to the export folder in the operation log backup folder every hour. The following describes the output information of the CSV file.

Output destination of the CSV file

operation-log-backup-folder\export

Output file name

oplog_YYYYMMDD_NNN.csv

YYYYMMDD: Date on which the periodic export was performed.

NNN: Serial number from 001 to 999. If the number exceeds 999, an event is generated.

The files are output in the order of the operation logs.

File size

A file is 2 GB or less. A file exceeding 2 GB is divided,

Character code

UTF-8

Output format

For details on the output format, see the description of the output format for the exported operation logs in the Job Management Partner 1 Version 10 Job Management Partner 1/IT Desktop Management 2 Administration Guide.

Important note

Because an output CSV file is not compressed, enabling periodic export of operation logs requires a large amount of disk space. Compress or back up the CSV files in other disks if necessary. For a guideline on the disk space required when periodically exporting output logs, see 4.5.3 Guidelines for disk space requirements for operation log backup folder.

To Page Top

(5) Additional cache of the operation log database

To increase the search performance of the operation logs, you can set a cache size when you set up the management server. Specify 1 GB for 2,500 managed computers. The additional cache of the operation log database can be set in a 64-bit environment.

To Page Top

(6) Recreating an index of the operation log database

To maintain search performance of operation logs, an index of the operation log database is recreated once a day (between 01:00 and 02:00). This applies to the automatically backed-up operation logs.

An operation log search operation might become slower during recreation of the index of the operation log database. Execute the operation log export command (ioutils exportoplog) after the index is recreated.

Tip

You can reduce the time spent on searching for operation logs by filtering the search target devices (for example, by group, location, source, or user name).

Related Topics:

To Page Top

Trademarks

All Rights Reserved. Copyright (C) 2015, Hitachi, Ltd.

Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.