Isode server products provide audit logging so that key actions can be recorded for audit purposes (e.g., Adding an entry to the directory). Audit log entries are written in an easily parseable, extensible format that can be easily analyzed. This structure is used to parse the M-Switch audit logs for processing into the Audit Database.
Configuration GUIs for each product allow you to choose which audit events you wish to log, which data keys to log, and to configure multiple logging streams, for example to separate the logging of different processes or groups of event.
This fine grain control over audit logging enables it to be appropriately tuned to operational requirements.
Isode provides a comprehensive event system used in all of its servers and management tools. Each event has a defined severity, and associated description and operator action Events are grouped into 'facilities' for which default actions can be set independently (as in the following screenshot).
Isode products can configure one or more event streams. When an event occurs, it will be handled by each event stream which has the event selected. The following options are available for event streams:
- Log to file. File logging supports log file roll-over at configurable interval.
- Send to syslog (Unix Systems).
- Create a Windows Event (Windows).
- Send to the Server Watch Daemon.
The Server Watch Daemon enables events to be aggregated from multiple sources and then processed in a number of ways:
- Use any of the standard Isode event mechanisms, such as log to file.
- Send to SNMP (Simple Network Management Protocol). This is described in more detail here.
More information on Isode event logging together with an explanation of event severity levels can be found in the whitepaper [Operational Monitoring and Control of Systems using Isode Servers].
M-Switch Alert Daemon
The Alert Daemon is a process that connects to the M-Switch QMGR and monitors the state of the queue. It can be configured to generate Events relating to the status of the queue, for example queue length, message age and message priority. The Alert Daemon has flexible configuration on a wide range of status parameters to enable flexible creation of events corresponding to situations where action needs to be taken.
When events are logged to a file, Isode's client/server Event Viewer may be used from any location to examine events. Isode’s event viewer can be used standalone or integrated with MConsole (shown below).
As well as client/server operation, it can read event logs from the local filestore. Capabilities include:
- Events and audit logs can be viewed from multiple servers.
- Single log file or multiple log files can be viewed at the same time.
- Login profiles to multiple servers can be stored.
- Log files from any Isode product can be viewed.
- Searching, filtering and sorting is supported (e.g., to find log entries relating to a specific message).
- Logged events are color-coded to enable event types to be distinguished at a glance.
- A monitoring mode allows watching of logs as they are created.
In addition to the audit logging and event system described, Isode products also support debug logging, and special logging for PDUs (Protocol Data Units) to help diagnose interworking issues.
Certain events may be specified as Operator Alerts, and configured with a default alert level (1-5). These are events which are considered of interest to a human operator, either to take action on or to be informed of. This is distinct from many events that will primarily be of interest when retrospectively diagnosing activity.
The MConsole Operator Alert view selects events which are alert-able to an operator. The view has configured actions for alerts of each severity, such as raising the tab and making an audio alert. The actions taken for each severity are configurable. The operator may also modify the alert level for an operator alert, including disabling it.
The MConsole Operator Alert view is designed to help the operator see and act on critical events, while not being distracted by other events that are part of normal M-Switch operation.