Audit DatabaseMessage Audit Database and Message Tracking
M-Switch has comprehensive audit logging, which records details of message information, submission, transfer and delivery. The Audit Database stores structured audit log data from one or more M-Switch servers and is used by Isode tools for management reporting, message tracking, quarantine management and acknowledgement tracking.
It can also be used by customer applications to access audit information and by applications such as report generation and Service Level Agreement (SLA) systems.
Database Loading & Access
Audit information is loaded into the Audit Database shortly after it is logged by the M-Switch server, and so it is suitable for both real time applications such as tracking, and for historical analysis. The Audit Log Daemon parses the Isode audit log files and then (using JDBC) populates the Audit Database, which may be on the same machine or on a different server. The following diagram shows loading an Audit database from an M-Switch server.
The audit log daemon reads log files as they are written, and sends information to the Audit Database. It may also be used to process historical files. In the event that the same log file is processed twice (e.g., to ensure that specific data is in the audit database), duplicate detection will prevent multiple database entries from being created. The audit log daemon will correctly handle log file rollover.
The Audit Database must be run on a SQL Database Management System (DBMS) that supports JDBC access. For a large deployment, the audit database will often run on an independent server and not co-located with an M-Switch server.
Applications can access the Audit Database using JDBC or other interfaces supported by the DBMS. Three classes of audit database application are enabled:
- Isode GUI applications (using JDBC) and in particular MConsole, which is the primary tool for administrators accessing the Audit Database.
- Isode customer applications, which may use the audit database directly
- Isode Web applications (using JDBC), which provide an alternate UI providing a subset of the MConsole functionality.
Isode currently supports use of M-Switch with three DBMS systems:
- Microsoft SQL Server, which is a widely used commercial DBMS. Windows Integrated Authentication is supported for Microsoft SQL Server.
- PostgreSQL, which is a widely used cross-platform free SQL DBMS.
- HSQLDB. A simple, free Java DBMS, which is bundled with M-Switch and installed as the default DBMS for the Isode Audit Database. HSQLDB is good for evaluation and demonstration, but is not recommended or supported for production use
Isode supports its products for use with these DBMSs used as the Audit Database. Isode does not provide DBMS support, which Isode customers must handle independently.
It is possible to configure an audit database to with MS SQL Server peer-to-peer transactional replication, which means that database update and access can make use of database clustering capabilities.
Structure of the Audit Database
The Audit Database has a published structure, which is available as a PDF document.
The structure document shows the scope of the Audit database: full specifications are included as a part of the M-Switch documentation. You will see that the audit database includes:
- Message parameters, covering both Internet Messaging and X.400.
- Handling of delivery reports (X.400 DRs and SMTP DSNs).
Handling of read receipts (X.400 IPNs and SMTP MDNs).
- Storage of records from one or more M-Switch instances.
- Detailed information on message processing status and actions taken.
- Information on delivery reports / delivery status notifications.
- Information on messages held in quarantine (typically associated with anti-spam or anti-virus processing).
- Information on message archiving, so that the audit database can be used as an index to the message archive.
- Information on which viruses have been detected.
- Level of Spam score, and other spam detection information.
MConsole Audit Database Capability
MConsole uses the Audit Database for Message Tracking, Quarantine Management and Acknowledgement Tracking.
MConsole can be configured to access one or more remote Audit Databases to provide:
- Message Tracking
- Quarantine Management
- Acknowledgement Tracking
This is discussed in more detail on the M-Switch Operational Management page.