Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.

Products

Messaging Operational Management: Audit Database

M-Switch has comprehensive audit logging, which records details of message information, submission, transfer and delivery.

The Audit Database stores structured audit log data from one or more M-Switch servers in an ODBC database and is used by Isode tools for management reporting, message tracking and quarantine management.

It can also be used by customer applications to access audit information and by applications such as report generation and Service Level Agreement (SLA) systems.

Database Loading & Access

Audit information is loaded directly into the Audit Database, and so it is suitable for both real time applications such as tracking, and for historical analysis. The audit database is loaded from the Isode audit log files, using an ODBC application on the message server, which can transfer audit information to an ODBC database on the same machine or on a different server. The following diagram shows loading the audit database from two M-Switch servers.

The audit log daemon reads log files as they are written, and sends information to the Audit Database. It may also be used to analyze historical files. In the event that the same log file is processed twice (e.g., to ensure that specific data is in the audit database), duplicate detection will prevent multiple database entries from being created. The audit log daemon will correctly handle log file rollover.

Applications can access the Audit Database using ODBC or other interfaces supported by the database. Three classes of audit database application are envisaged:

1. Isode customer applications, directly accessing the database.
2. Isode Web applications (using JDBC).
3. Isode GUI applications (future).

The Audit Database uses Postgres, which is a cross-platform free ODBC Database.

Isode Audit Database Applications

The current release includes three management applications that make use of the audit database:

Message Tracking Interface

This web-based interface is targeted at operators of M-Switch with administration level access. It allows message tracking based on a range of parameters, and shows if/when/how a given message has been delivered, transferred, or quarantined. As well as comprehensive statistical information and user and roles setup and editing. Details and screen shots are given on the M-Switch Operator Interface.

Message Quarantine Interface

This includes an operator interface, described in the M-Switch Operator Interface page and an email interface, for sending HTML messages to users with a list of messages in quarantine.

The email interface is provided as a script, which can be customized for each installation. The interface provides a list of the messages, and a URL which causes the message to be released from quarantine. Release works by updating the status in the audit database to "pending release". A background process releases messages from the quarantine and marks status to "released".

Statistical Reporting

Accessed via the web-based interface described on the M-Switch Operator Interface page, real-time reports are available across the full range of time, message, originator and recipient parameters. For more information on Statistical Reporting together with screen shots of sample reports, you should refer to the M-Switch Operator Interface page.

Isode Web Application Architecture

Isode Web applications accessing the Audit Database all use the architecture shown in the next illustration. Isode Audit Database applications are written in Java, and access the Audit Database using JDBC. These applications are written to run in Tomcat, a widely used and free Application Server. Tomcat can be used directly as a Web server or run in conjunction with other Web servers, such as Apache on Unix or IIS on Windows.

The Internet Messaging Administrator is a web-based interface giving the operator access to a Directory Configuration browser, messag store configuration browser, shared folder manager and user manager. You can read about the Internet Messaging Administrator here.

The front end configuration of the Isode applications is written in JSP (Java Server Pages), permitting easy customization of these interfaces. Simple changes, and in particular change of logo, are very straightforward.

Structure of the Audit Database

The audit database has a published structure, which you can see by clicking on the thumbnail image below.

The diagram (which will open in a new window) shows the scope and structure of the Audit database: full specifications are included as a part of the M-Switch documentation. You will see that the audit database includes:

• Message parameters, covering both Internet Messaging and X.400.
• Storage of records from one or more M-Switch instances.
• Detailed information on message processing status and actions taken.
• Information on delivery reports / delivery status notifications.
• Information on messages held in quarantine (typically associated with anti-spam or anti-virus processing).
• Information on message archiving, so that the audit database can be used as an index to the message archive.
• Information on which viruses have been detected.
• Level of Spam score, and other spam detection information.

Availability

Audit DB is available on all of our supported platforms, except HP-UX. The Audit log daemon is available on all platforms. More details on supported platforms and versions can be found here.