M-Switch has comprehensive audit logging, which records details of message information, submission, transfer and delivery. The Audit Database stores structured audit log data from one or more M-Switch servers and is used by Isode tools for management reporting, message tracking, quarantine management and acknowledgement tracking.
It can also be used by customer applications to access audit information and by applications such as report generation and Service Level Agreement (SLA) systems.
Database Loading & Access
Audit information is loaded into the Audit Database shortly after it is logged by the M-Switch server, and so it is suitable for both real-time applications such as tracking, and for historical analysis. The Audit Log Daemon parses the Isode audit log files and then (using JDBC) populates the Audit Database, which may be on the same machine or on a different server. The following diagram shows loading an Audit database from an M-Switch server.
The audit log daemon reads log files as they are written, and sends information to the Audit Database. It may also be used to process historical files. In the event that the same log file is processed twice (e.g., to ensure that specific data is in the audit database), duplicate detection will prevent multiple database entries from being created. The audit log daemon will correctly handle log file rollover.
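The duplicate-detection behaviour described above can be illustrated with a small loader. This is an added example, not Isode code: the log line format, the audit_event table and the function names are hypothetical, and SQLite stands in for the JDBC-accessed DBMS.

```python
import hashlib
import sqlite3

# Constructed sample lines in a hypothetical format (not Isode's audit log
# format): timestamp, server name, event, message id.
SAMPLE_LOG = (
    "2024-05-01T10:00:01Z mta1 submit msg-0001\n"
    "2024-05-01T10:00:02Z mta1 transfer msg-0001\n"
    "2024-05-01T10:00:05Z mta1 deliver msg-0001\n"
)

def open_db():
    """Create an in-memory stand-in for the audit database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE audit_event ("
        " record_key TEXT PRIMARY KEY,"  # digest of the record: the dedup key
        " ts TEXT NOT NULL, server TEXT NOT NULL,"
        " event TEXT NOT NULL, message_id TEXT NOT NULL)"
    )
    return db

def load(db, log_text):
    """Load complete log lines; return how many rows were newly created."""
    before = db.total_changes
    for line in log_text.splitlines(keepends=True):
        if not line.endswith("\n"):
            break  # final line is still being written; pick it up next pass
        fields = line.split()
        if len(fields) != 4:
            continue  # not a record in the assumed format
        # Assumption: a record is unique by its full content, server included.
        key = hashlib.sha256(" ".join(fields).encode()).hexdigest()
        # The primary key turns a re-processed record into a no-op.
        db.execute(
            "INSERT OR IGNORE INTO audit_event VALUES (?, ?, ?, ?, ?)",
            (key, *fields),
        )
    db.commit()
    return db.total_changes - before

if __name__ == "__main__":
    db = open_db()
    print(load(db, SAMPLE_LOG))  # first pass creates rows
    print(load(db, SAMPLE_LOG))  # second pass over the same file creates none
```

Keying on record content means the same file can be replayed from the start after a failure without inflating message counts in reports.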
The Audit Database must be run on a SQL Database Management System (DBMS) that supports JDBC access. For a large deployment, the audit database will often run on an independent server and not co-located with an M-Switch server.
Applications can access the Audit Database using JDBC or other interfaces supported by the DBMS. Three classes of audit database application are enabled:
- Isode GUI applications (using JDBC) and in particular MConsole, which is the primary tool for administrators accessing the Audit Database.
- Isode customer applications, which may use the audit database directly.
- Isode Web applications (using JDBC), which provide an alternate UI providing a subset of the MConsole functionality.
Isode currently supports use of M-Switch with three DBMS systems:
- Microsoft SQL Server, which is a widely used commercial DBMS. Windows Integrated Authentication is supported for Microsoft SQL Server.
- PostgreSQL, which is a widely used cross-platform free SQL DBMS.
- HSQLDB. A simple, free Java DBMS, which is bundled with M-Switch and installed as the default DBMS for the Isode Audit Database. HSQLDB is good for evaluation and demonstration, but is not recommended or supported for production use.
Isode supports its products for use with these DBMSs used as the Audit Database. Isode does not provide DBMS support, which Isode customers must handle independently.
It is possible to configure an audit database with MS SQL Server peer-to-peer transactional replication, which means that database update and access can make use of database clustering capabilities.
MConsole Audit Database Capability
MConsole uses the Audit Database for Message Tracking, Quarantine Management and Acknowledgement Tracking. MConsole can be configured to access one or more remote Audit Databases to provide the functionality described below.
Message Tracking Interface
The MConsole Message Tracking interface allows flexible message tracking based on a range of standard and military messaging parameters, and shows if/when/how a given message has been delivered, transferred, or quarantined. This includes detailed access to message content and acknowledgement status.
Message History Interfaces
The MConsole Message History View, and also the Messages Sent/Received tabs in the ACP127 view, allow easy operator access to message history, showing recently sent and received messages. This allows convenient access to recent messages, without the need to use the more complex general purpose message tracking interface.
Acknowledgement Tracking Interface
Message Correlation, which provides information derived from delivery reports and read receipts, is provided by the MConsole Acknowledgement View and by the Quality of Service Daemon.
For more information see [Using Message Acknowledgements for Tracking, Correlation and Fire & Forget].
Some remote systems will not provide reliable acknowledgements, and so it makes sense to exclude them from message correlation. Information on “Alertable Missing Acknowledgements” is stored in the Audit Database using a flexible rules-based approach and can be managed with MConsole as shown above.
Message Quarantine Interface
MConsole includes an operator view to access the message quarantine, and quarantine capabilities, described on the Message Operator Interface page.
Audit Database Configuration
MConsole provides comprehensive GUI Audit Database configuration, which controls Audit Database capabilities and related services. This is held in a file (auditdb.xml) and MConsole must be run on the machine holding this file. The local MConsole may also use this information to specify its own access to the Audit Database.
Accessed via the web-based interface described on the M-Switch Operator Interface page, real-time reports are available across the full range of time, message, originator and recipient parameters.
Message Quarantine Management
The audit database is part of the system supporting message quarantine management, which includes an email interface, for sending HTML messages to users with a list of messages in quarantine.
The email interface is provided as a script, which can be customized for each installation. The interface provides a list of the messages, and a URL which causes the message to be released from quarantine. Release works by updating the status in the audit database to "Pending resubmission". A background process releases messages from the quarantine and sets the status to "Resubmitted after quarantine".
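The two-step release flow described above, with each status change guarded so that a repeated click on a release URL has no further effect. This is an added example, not Isode code: the quarantine table, the "Quarantined" state name and the function names are assumptions, and SQLite stands in for the audit database.

```python
import sqlite3

QUARANTINED = "Quarantined"  # assumed name; the page does not name this state
PENDING = "Pending resubmission"
RESUBMITTED = "Resubmitted after quarantine"

def open_db():
    """In-memory stand-in holding two constructed quarantined messages."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE quarantine (message_id TEXT PRIMARY KEY, status TEXT NOT NULL)"
    )
    db.executemany(
        "INSERT INTO quarantine VALUES (?, ?)",
        [("msg-0001", QUARANTINED), ("msg-0002", QUARANTINED)],
    )
    db.commit()
    return db

def request_release(db, message_id):
    """Handler behind the release URL: only a quarantined message moves on."""
    cur = db.execute(
        "UPDATE quarantine SET status = ? WHERE message_id = ? AND status = ?",
        (PENDING, message_id, QUARANTINED),
    )
    db.commit()
    return cur.rowcount == 1  # False for unknown ids and for repeated requests

def resubmit_pending(db, resubmit):
    """Background pass: hand each pending message to `resubmit`, then mark it."""
    rows = db.execute(
        "SELECT message_id FROM quarantine WHERE status = ?", (PENDING,)
    ).fetchall()
    done = []
    for (message_id,) in rows:
        resubmit(message_id)  # caller-supplied resubmission hook
        db.execute(
            "UPDATE quarantine SET status = ? WHERE message_id = ? AND status = ?",
            (RESUBMITTED, message_id, PENDING),
        )
        db.commit()
        done.append(message_id)
    return done

if __name__ == "__main__":
    db = open_db()
    print(request_release(db, "msg-0001"))  # accepted
    print(request_release(db, "msg-0001"))  # repeated request is refused
    print(resubmit_pending(db, lambda mid: None))
```

Because the web-facing step only changes a status value and the background process does the actual release, the status column also serves as the audit trail of who was released and when the resubmission happened.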
Audit Database Web Applications
There are three Web management applications that access the audit database to provide some of the statistics, tracking and quarantine capabilities of MConsole described on the Message Operator Interface page.
Isode Web applications accessing the Audit Database all use the architecture shown in the next illustration. Isode Audit Database applications are written in Java, and access the Audit Database using JDBC. These applications are written to run in Tomcat, a widely used and free Application Server. Tomcat can be used directly as a Web server or run in conjunction with other Web servers, such as Apache on Unix or IIS on Windows.
The Internet Messaging Administrator is a web-based interface giving the operator access to a Directory Configuration browser, message store configuration browser, shared folder manager and user manager. You can read about the Internet Messaging Administrator here.
The front end configuration of the Isode applications is written in JSP (JavaServer Pages), permitting easy customization of these interfaces. Simple changes, and in particular change of logo, are very straightforward.
Audit Database Maintenance
Isode provides a housekeeping daemon that will delete old records from the Audit Database according to audit database configuration.
Structure of the Audit Database
The audit database has a published structure, which you can see by clicking on the thumbnail image below.
The diagram (which will open in a new window) shows the scope and structure of the Audit database: full specifications are included as a part of the M-Switch documentation. You will see that the audit database includes:
- Message parameters, covering both Internet Messaging and X.400.
- Handling of delivery reports (X.400 DRs and SMTP DSNs).
- Handling of read receipts (X.400 IPNs and SMTP MDNs).
- Storage of records from one or more M-Switch instances.
- Detailed information on message processing status and actions taken.
- Information on delivery reports / delivery status notifications.
- Information on messages held in quarantine (typically associated with anti-spam or anti-virus processing).
- Information on message archiving, so that the audit database can be used as an index to the message archive.
- Information on which viruses have been detected.
- Level of Spam score, and other spam detection information.