Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


2.10.2 Managing operation logs on the management server

Operation logs collected on a computer managed online are stored in an operation log backup folder via the management server. By restoring the operation logs to a database on the management server, you can view the operation logs from the Operation Logs view of the Security module.

[Figure]

Storing the operation logs on the management server

The operation logs collected on the management server are stored in an operation log backup folder. If automatic restoration of operation logs is enabled, the operation logs are automatically restored to the operation log database. To view the operation logs stored in the backup folder, restore them from the backup folder to the database.

Operation logs collected on the management server are saved in the database for about one month. The operation logs that are older than about one-month-old are automatically deleted from the database.

Note that if automatic backup of operation logs has been configured in Setup, operation logs are automatically backed up every day. You can view the backup operation logs by temporarily restoring them from the backup folder to the database. After deleting the restored operation logs, you can restore the operation logs for a different time period to the database. This enables you to view past operation logs.

When you restore the operation logs, if the data already restored includes a part of the specified restoration range, all the operation logs are overwritten.

Important

If operation logs have not been collected on the management server, the Operation Logs view is not displayed.

Important

If you enable automatic restoration without setting the operation log backup folder, the operation logs are automatically restored in the operation log database, but are not stored in the operation log backup folder. In this case, failure in the operation log database might not be recovered. Therefore, we recommend that you specify the backup folder.

Important

The operation log contains a large amount of data, so the disk capacity might become insufficient. If the disk capacity is insufficient, the following problems might occur. To prevent these problems, perform maintenance regularly.

  • The database becomes blocked.

  • An attempt to receive inventory or operation logs from agents fails.

  • An attempt to update device change logs fails.

  • An attempt to register, update, or search for operation logs fails.

  • An attempt to back up, restore, or reorganize the database fails.

Tip

We recommend that you use high-capacity drives, such as RAID or NAS, for the backup folder because large amounts of data might be stored in the backup folder over a long period of time.

Important

Save only operation log files in the operation log backup folder.

Important

The shutdown operation logs for shared VDI-based virtual computers are acquired after logoff. Under the following circumstances, the initialization of virtual computers causes the operation logs to be deleted, and you will not be able to acquire the operation logs:

  • When a virtual computer employing the floating technology provided by VMware Horizon View, the random technology provided by the MCS (Machine Creation Services) of Citrix Virtual Desktops, or the PVS (Provisioning Services) technology provided by Citrix Virtual Desktops is shut down

  • When a virtual computer employing the dedicated technology provided by VMware Horizon View or the static technology provided by the MCS of Citrix Virtual Desktops is shut down and the master is updated

Storing the operation logs on a user's computer

You can store operation logs for a certain amount of time on a user's computer in case the computer fails to connect to the management server. You can specify a time period to keep the operation logs in the security policy. Operation logs that are not sent to the management server are temporarily saved on the computer, and resent to the management server at the time specified by the security policy.

The operation logs can easily become large amounts of data. Therefore, set the time period for which the operation logs are kept after calculating the required disk capacity, based on the following formula:

260 x Time period (days) = Required disk capacity (KB)

If you are using the operation logging function in a Citrix XenApp and Microsoft RDS environment, you have to further multiply this figure by the number of logged-in users.

Note: The required disk capacity varies depending on the acquired operation log items and user operations.

Important

If processing is interrupted while the computer is communicating with the management server, some operation logs might be duplicated because the same data is notified at the next connection.

Related Topics:

Organization of this subsection

(1) Backing up and restoring operation logs on the management server

If the management server is configured to back up operation logs, you can collect a history of user operations as operation logs, and save them in an operation log backup folder.

[Figure]

Operation logs are collected from agent-installed computers at an interval specified by the security policy. The collected operation logs are accumulated in a data folder, and then stored in an operation log backup folder. You can also automatically restore collected operation logs to the operation log database.

The operation logs that have been restored to the operation log database can be viewed in the Operation Logs view in the Security module. To check past operation logs, restore them to the database, and then view the past operation logs in the Operation Logs view. You can clear the data in the database for restoration if you no longer need to view the data.

Note that backing up or restoring databases using Database Manager does not back up or restore the operation log database. You must back up or restore the operation log data manually.

Important

When the management server has been configured in Setup so that operation logs are not collected, even if you enable collection of operation logs in a security policy, the operation logs collected from a computer are not saved.

Important

Operation logs collected from a computer are not saved if the operation date and time of the operation logs is before the year 2000, or after more than 7 days from the current time on the management server.

(2) Backing up operation logs on the management server

Operation logs collected from computers are accumulated in a data folder and stored in the operation log backup folder once an hour.

Data to be backed up

Backup files for operation logs grouped by date with each group stored in a date folder, and stored in the Operations log backup folder specified during the Setup.The format of the date folder is OPR_DATA2_YYYYMMDD.

Size required for backup

The following conditions are used as guides to explain how to calculate the size required for backing up operation logs.

Note: All the above conditions are set as guides.

Size of operation log data

Size of operation log data per machine: 2,000 (logs) x 500 (bytes) = about 1 (MB)

Size of operation log data for 10,000 machines: 1 (MB) x 10,000 (machines) = 10 (GB)

Size of operation log data for 10,000 machines for one month (20 business days): 10 (GB) x 20 (days) = about 200 (GB)

Size of backup file data

Size of backup file data per machine: 1 (MB) x 6.7% = about 67 (KB)

Size of backup file data for 10,000 machines: 67 (KB) x 10,000 (machines) = about 670 (MB)

Size of backup file data for 10,000 machines for one month (20 business days): 670 (MB) x 20 (days) = 13.4 (GB)

Thus, you can calculate the sizes of operation log data and backup file data. Secure the free space for the database and for the backup-destination drive, considering the number of managed computers and the collection period of the operation logs.

Mail notification about free space shortage

You can configure to receive a mail notification when the free space on the backup destination is insufficient. The following are the triggers for mail notification:

Backup fails

If backup fails due to a shortage of the backup-destination drive capacity, a Critical error event is displayed in the Events module. In this case, a mail notification is automatically sent if mail notification of such events has been set.

Periodic monitoring detects free space shortage

If free space on the backup-destination drive is insufficient, an error event is displayed in the Events module. In this case, a mail notification is automatically sent if mail notification of such events has been set. Note that you can change the threshold value to output the insufficient free-space event by editing the properties of the configuration file. For properties of the configuration file, see A.5 Lists of properties.

(3) Restoring operation logs to the management server

To view operation logs, you need to restore them to the operation log database. You can restore operation logs automatically or manually.

You can also restore operation logs of JP1/IT Desktop Management.

Tip

If the location you specified for Operation log backup folder during setup contains an operation log backup file for an old product version (JP1/IT Desktop Management), the tooltip Not restored (operation logs for old product versions) appears when you align your mouse with the time chart at the top of the Operations Log List view. In this case, the number of items is not displayed.

Tip

The maximum number of days of operation logs that can be restored to the database can be configured in the management server setup. The maximum is 500 days.

Automatic restoration

Operation logs are automatically restored according to the storage period specified in the Operation Log Settings in the Settings module.

On average, a managed computer generates 2,000 operation logs per day. Restoring an excessive amount of operation logs might overload the system. To prevent system overload, we recommend that you limit the types of operation logs to be collected, or reduce the number of managed computers.

Use the following formulas as a guideline for an operation that does not overload the system:

(a) Number of managed computers x 2,000 logs x Period for storing automatically restored operation logs (days) x x < 300,000,000

x: A coefficient depending on the collected operation log items. Specify the sum of the following items to be collected:

(b) Number of managed computers x Number of operation logs per day# < 60,000,000

#: It is the total number of operation logs and HIBUN logs. Operate your system for one week to one month before determining it because the number of HIBUN logs depends on the types of HIBUN logs to import and your environment.

This calculation is not necessary for non-bulky operation log types including power-on/shut-down, logon/logoff, file operations via a network, and print operation.

For example, if you want to collect operation logs for web accesses and window operations for 10,000 managed computers, the storage period is as follows:

10,000 computers x 2,000 logs x Period for storing automatically restored operation logs (days) x 0.66 < 300,000,000

Period for storing automatically restored operation logs (days) = 22.7 days ? about 1 month (20 business days per month)

Manual restoration

You can restore operation logs by specifying a time period that includes the operation log you want to investigate. You can also specify the target computer you want to restore operations logs from,

The maximum number of days of operation logs that can be manually restored to the database is calculated as Maximum number of days for which operation logs are to be stored in the database value (specified during the server set up) minus Period for storing automatically restored operation logs value (specified in the Settings module).

Tip

when you align your mouse with the time chart at the top of the Operations Log List view. It might take a long time for the number of operation logs that have not been acquired displayed on a tool tip displayed by mousing over a date on a time chart in the Operation Logs view of the Security module to be reflected.

Important

The backup files in the operation log backup folder are stored, based on the time zone on the management server. Therefore, if different time zones are used between the management server and the computer running the web browser, you must use the time zone on the management server when you specify a period for manual restoration of operation logs.

Important

The data that appears when you place a mouse cursor over a date on the time chart in the Operation logs view in the Security module are the status and the number of operation logs. Therefore, if different time zones are used between the management server and the computer running the web browser, the number of operation logs displayed on the tool tip and the number of operation logs filtered by a date might differ.

Important

Depending on the environment, it might take two or more hours to restore 3 months of operation logs for 200 computers. To reduce the time required for restoration, narrow the scope of restoration.

Important

When the number of days for which operation logs you want to manually restore in a day exceeds the maximum number of days for which operation logs can be manually restored in the database, you must set the maximum number of days for storing to the sum of the number of days for automatic restoration and the number of days for manual restoration per day.

Example: When the number of days for automatic restoration is 30 days and you want to manually restore operation logs for a half year (180 days) in a day, you must set the maximum number of days for storing to 210 days.

Operation log database

The size of the operation log database is expanded by the number of collected operation logs. Even if the operation log is deleted from the management screen, the size of the operation log database will not be reduced. When the operation log is deleted, it becomes free space in the database at the time of daily operation log database maintenance. This Free space is reused when collecting operation logs.

You can change the time to perform maintenance of the operation log database at the properties of the configuration file. For details about the properties of the configuration file, see A.5 Lists of properties.

(4) Periodically exporting operation logs

You can export collected operation logs in a CSV format when you want to save them in a CSV file, or import them to other systems. In the Operation Log Settings view in the Settings module, select the Periodically export operation logs. check box to export the operation logs to the export folder in the operation log backup folder every hour. The following describes the output information of the CSV file.

Output destination of the CSV file

operation-log-backup-folder\export

Output file name

oplog_YYYYMMDD_NNN.csv

YYYYMMDD: Date on which the periodic export was performed.

NNN: Serial number from 001 to 999. If the number exceeds 999, an event is generated.

The files are output in the order of the operation logs.

File size

A file is 2 GB or less. A file exceeding 2 GB is divided,

Character code

UTF-8

Output format

For details on the output format, see the description of the output format for the exported operation logs in the JP1/IT Desktop Management 2 Administration Guide.

Important

Because an output CSV file is not compressed, enabling periodic export of operation logs requires a large amount of disk space. Compress or back up the CSV files in other disks if necessary. For a guideline on the disk space required when periodically exporting output logs, see 4.5.3 Guidelines for disk space requirements for operation log backup folder.

(5) Additional cache of the operation log database

To increase the search performance of the operation logs, you can set a cache size when you set up the management server. Specify 1 GB for 2,500 managed computers.

(6) Recreating an index of the operation log database

To maintain search performance of operation logs, maintenance of the operation log database is carried out once a day (between 01:00 and 02:00).

Important

In the case of shutdown of the management server at night, please change the time of the maintenance, so that the maintenance of the operation log database is executed once a day

An operation log search operation might become slower during recreation of the index of the operation log database. Execute the operation log export command (ioutils exportoplog) after the index is recreated.

Tip

You can reduce the time spent on searching for operation logs by filtering the search target devices (for example, by group, location, source, or user name).

Related Topics: