Isode server products provide audit logging so that key actions can be recorded for audit purposes (e.g., Adding an entry to the directory). Audit log entries are written in an easily parseable, extensible format that can be easily analyzed. This structure is used to parse the M-Switch audit logs for processing into the Audit Database.
Configuration GUIs for each product allow you to choose which audit events you wish to log, which data keys to log, and to configure multiple audit logging streams, so if you need multiple audit logs with different (potentially overlapping) information that can be achieved.
This fine grain control over audit logging enables it to be appropriately tuned to operational requirements.
Isode provides a comprehensive event system used in all of its servers and management tools. Each event has a defined severity, and associated description and operator action Events are grouped into 'facilities' for which default actions can be set independently (as in the following screenshot).
Isode products can configure one or more event streams. When an event occurs, it will be handled by each event stream which has the event selected. The following options are available for event streams:
- Log to file. File logging supports log file roll-over at configurable interval.
- Send to syslog (Unix Systems).
- Create a Windows Event (Windows).
- Send to the Server Watch Daemon.
The Server Watch Daemon enables events to be aggregated from multiple sources and then processed in a number of ways:
- Use any of the standard Isode event mechanisms, such as log to file.
- Send to SNMP (Simple Network Management Protocol). This is described in more detail here.
More information on Isode event logging together with an explanation of event severity levels can be found in the whitepaper [Operational Monitoring and Control of Systems using Isode Servers].
When events are logged to a file, Isode's client/server Event Viewer may be used from any location to examine events. Isode’s event viewer can be used standalone or integrated with MConsole (shown above). As well as client/server operation, it can read event logs from the local filestore. Capabilities include:
- Events and audit logs can be viewed from multiple servers.
- Single log file or multiple log files can be viewed at the same time.
- Login profiles to multiple servers can be stored.
- Log files from any Isode product can be viewed.
- Searching, filtering and sorting is supported (e.g., to find log entries relating to a specific message).
- Logged events are color-coded to enable event types to be distinguished at a glance.
- A monitoring mode allows watching of logs as they are created.
In addition to the audit logging and event system described, Isode products also support debug logging, and special logging for PDUs (Protocol Data Units) to help diagnose interworking issues.