Exploring IBM Notes/Domino Activity Logging and Activity Trends
Open Mic 
Javed Batliwala 
Staff Software Engineer 
Naresh Luthra 
Staff Software Engineer 
IBM Collaboration Solutions 
Powered by IBM SmartCloud Meetings © 2014 IBM Corporation
About Us 
Staff Software Engineer, IBM Notes / Domino 
javed.batliwala@in.ibm.com 
Staff Software Engineer, Smart Cloud 
naresh.luthra@in.ibm.com 
Ranjit Rai – Lotus Technical Advisor 
Focussing on Entire Notes Domino 
Hansraj Mali – Lotus Technical Advisor 
Focussing on Entire Notes Domino 
Jayaval Rajendran – Lotus Technical Advisor 
Focussing on Entire Notes Domino 
Vinayak Tavargeri – Support Manager – Facilitator for AP Open Mics
vtavargeri@in.ibm.com 
Abstract
• IBM Domino Server has exceptional functionality and features that fit customers and their business needs well. In a professional environment, security cannot be forgotten or compromised.
• Domino Server is very robust and provides a very high level of security. It captures different types of logs if it has been configured properly. In day-to-day activities, administrators may find it difficult to extract information such as the IP address of the system from which a particular Notes database or mail file was accessed, internal mail routing session/IP details, or unused mail databases. So let's come together for the session on Activity Logging and Activity Trends. What are the best practices for using Activity Logging and Activity Trends?
• When should you use them, and when not? What information will you find in them? Should you enable them on all servers or only one server? We will provide answers to all these questions.
• In this session, it is our sincere effort to enable our end customers to be more effective and confident in managing and securing their Notes/Domino environment.

Agenda
• Activity Logging and Activity Trends
• How to configure Activity Logging
• Working with Activity Trends
• Analyzing Activity Logging Data
• User Activity Logging for a Database
• Test Cases
  a) Mail
  b) Notes DB
  c) Notes session
• Troubleshooting
• References
• Q&A

Activity Logging
• Server tasks provide enhanced activity data
• Activity data stream written to the server log (log.nsf)
• Controlled via server configuration document
• API provided to access the activity data stream

How to configure Activity Logging
How to check whether the Activity Logging feature is enabled or disabled:
• Type the console command “show server” on the Domino console; the output shows whether the Activity Logging feature is Enabled / Not Enabled.
You configure activity logging by editing the Configuration Settings document.
• From the Domino Administrator, click the Configuration tab.
• In the Task pane, expand Server and click Configurations.
• In the Results pane, select the Configuration Settings document you want, and click Edit Configuration.

How to configure Activity Logging (cont')
• On the Configuration Settings document, click the Activity Logging tab.
• Select “Activity logging is enabled.”
• In the “Enabled logging types” field, select the types of activity you want to log.
• (Optional) To increase or decrease the frequency of creating Checkpoint records, change the checkpoint interval.
• (Optional) To automatically create Notes session and Notes database Checkpoint records every day at midnight, select “Log checkpoint at midnight.”
• (Optional) To automatically create Notes session and Notes database Checkpoint records every day at the beginning and end of a specific time period, select “Log checkpoints for prime shift” and then specify the times for the Prime shift interval.
• Click Save & Close.
• (Optional) If you are logging activity for LDAP Add and Modify operations and want to change the amount of information logged in the Attributes field from the default of 4096 bytes, follow the steps in the topic “Limiting the amount of attribute information logged for LDAP Add and LDAP Modify activity.”

Checkpoint
• The records in the log file keep track of all activity generated. Domino creates different types of records for each type of activity. For some types of activity, Domino creates multiple records during a session; for other types of activity, Domino creates a single record.
• For types of activity that could require long sessions to complete, Domino generates an Open or Authorization record when a session begins. This record indicates that a session is open and shows the time at which the session began. During the session, Domino generates Checkpoint records, which log all activity that has occurred so far during the session.
• Domino creates Checkpoint records for the following types of activity: IMAP, Notes session, Notes database, Notes passthru, POP3, and SMTP.
• Checkpoint records are cumulative; each one contains all of the activity that was logged to that point during the open session.
By default, Domino creates a Checkpoint record the first time there is activity after a 15 minute waiting period.
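Because Checkpoint records are cumulative, adding them up overstates a session's activity. The following added example (not part of the original slides) derives per-session totals and per-interval deltas from Checkpoint records; the field names and sample rows are constructed assumptions standing in for records exported from the Log Analysis database.

```python
from collections import defaultdict
from datetime import datetime

# Counters tracked per record (hypothetical field names for this example).
COUNTERS = ("bytes_read", "docs_read")

# Constructed sample records, deliberately out of order.
RECORDS = [
    {"session_id": "S-1001", "type": "Checkpoint", "time": "2014-03-10 09:32",
     "bytes_read": 95_000, "docs_read": 30},
    {"session_id": "S-1001", "type": "Open", "time": "2014-03-10 09:00",
     "bytes_read": 0, "docs_read": 0},
    {"session_id": "S-1001", "type": "Checkpoint", "time": "2014-03-10 09:15",
     "bytes_read": 40_000, "docs_read": 12},
    {"session_id": "S-1002", "type": "Open", "time": "2014-03-10 09:10",
     "bytes_read": 0, "docs_read": 0},
    {"session_id": "S-1001", "type": "Checkpoint", "time": "2014-03-10 10:05",
     "bytes_read": 2_150_000, "docs_read": 410},
    {"session_id": "S-1002", "type": "Checkpoint", "time": "2014-03-10 09:40",
     "bytes_read": 8_000, "docs_read": 3},
]


def checkpoints_by_session(records):
    """Group Checkpoint records by session ID, oldest first."""
    grouped = defaultdict(list)
    for rec in records:
        if rec["type"] == "Checkpoint":
            grouped[rec["session_id"]].append(rec)
    for recs in grouped.values():
        recs.sort(key=lambda r: datetime.strptime(r["time"], "%Y-%m-%d %H:%M"))
    return grouped


def naive_total(records, counter):
    """The wrong way: summing cumulative Checkpoint values double-counts."""
    return sum(r[counter] for r in records if r["type"] == "Checkpoint")


def session_totals(records):
    """The latest Checkpoint of each session already holds the running total."""
    return {
        sid: {c: recs[-1][c] for c in COUNTERS}
        for sid, recs in checkpoints_by_session(records).items()
    }


def interval_deltas(records):
    """Activity between consecutive Checkpoints, starting from zero at open."""
    result = {}
    for sid, recs in checkpoints_by_session(records).items():
        previous = dict.fromkeys(COUNTERS, 0)
        deltas = []
        for rec in recs:
            delta = {c: rec[c] - previous[c] for c in COUNTERS}
            # A cumulative counter must never decrease; if it does, the input
            # mixes sessions or is incomplete, so refuse to report on it.
            if any(value < 0 for value in delta.values()):
                raise ValueError(f"counter decreased in session {sid} at {rec['time']}")
            deltas.append((rec["time"], delta))
            previous = {c: rec[c] for c in COUNTERS}
        result[sid] = deltas
    return result


if __name__ == "__main__":
    print("naive sum of bytes_read:", naive_total(RECORDS, "bytes_read"))
    print("per-session totals:", session_totals(RECORDS))
    for sid, deltas in interval_deltas(RECORDS).items():
        for when, delta in deltas:
            print(sid, when, delta)
```

The per-interval deltas are what make a sudden burst of reads inside a long session visible; the cumulative totals alone hide when it happened.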
Activity logging records
Activity type: What this logs

Agent
• Domino server-based agents that run successfully.
• Records the name of the agent
• The name of the database that contains the agent
• The amount of time it took to run the agent
• Name of the person who last saved the agent
Note: The record does not show the types of activities the agent performs, or agents which run on a web server.

HTTP
• Name of the Web server
• Name of the user accessing the Web server
• The URL the user clicked
• The number of bytes returned
• Time to process the request
• HTTP status code

IMAP
• Tracks IMAP session activity such as user name, server name, the IP address, number of bytes the client sent and read from the server, and the duration of the session
• Types of records for IMAP sessions:
  - Authorization records
  - Checkpoint records
  - Closed records

Activity logging records (cont')
Activity type: What this logs

LDAP
• Records information about every LDAP request
• Each LDAP request has a different structure, generating a different activity logging record for each type
Types of requests are Abandon, Add, Bind, Compare, Delete, Modify, Extended, ModifyDN, Search, Unbind

Mail
• Tracks mail that is sent from and received by a server
• Records the name of the server that created the record, originator and recipient of the message, message ID, preceding and next hop on the delivery route, and size of the message
Types of activity records are Deposit, Delivery, Delivery failure, Transfer, Transfer failure

Notes Database
• Tracks Notes database activity that occurs during the server session
• Name of the database, name and address of the database user, number of documents read and written, the number of bytes read and written, total number of transactions executed in the database, length of time the database was open
Types of records are Open records, Checkpoint records, Close records, ClosedEnd record, MailDeposit records

The information in the log file (cont')
Activity type: What this logs

Notes Passthru
• Tracks activity that is generated by a client or a server through a passthru connection.
• Information such as the number of bytes sent and received, the number of documents read and written, the number of transactions executed, and the duration of the passthru session.
Types of activity records are Open records, Checkpoint records and Close records

Notes Session
• Tracks network traffic that occurs during a server session with a Notes client or with another Domino server acting as a client
• Records include such information as the name and network address of the session user, the number of documents read and written, the number of bytes read and written, the total number of transactions executed during the session, and the duration of the session.
• Servers, users, and API programs can all generate session activity.

Activity logging records (cont')
Activity type: What this logs

POP3
• The name of the user
• The IP address of the client
• The number of bytes the client sends to and reads from the server
• The number of messages sent to the client
• The number of messages deleted from the client, and the duration of the session
Types of records are Authorization records, Checkpoint records, Close records

Replica
• The names of the source and destination servers
• The replicaID of the database
• The number of bytes replicated in each direction

SMTP
• Records information such as the IP address of the connected client
• The number of messages the client sends to the server
• The number of bytes the client sends to and receives from the server
• The number of recipients to whom messages are sent
• The duration of the session

Activity Trends
• Core Domino functionality
• Trend user activity
  - Identity (Person or DB)
  - Database
  - Access Protocol
• Statistics for
  - Current Observation
  - Historical Trends
  - Load on Server
• Store it in Activity.nsf
[Diagram: Data Flow]

Working with Activity Trends 
Resource Balancing 
Running activity analysis
• In the Domino Administrator, make the server on which you want to run activity analysis current.
• Click the Server - Analysis tab.
• In the Tools pane, expand Analyze, and then click Activity.

Running activity analysis (cont')
• Do one of the following to select the types of activity you want to log:
  - To log all the types of activity, skip this step. By default, all activity types are selected.
  - To deselect a type of activity to log, click the activity type in the “Selected types of activity” pane, and then click Remove. To deselect all the types of activity, click Remove All.
  - To select a type of activity to log, click the activity type in the “Select server activity types to search for” pane, and then click Add. To add all the types of activity, click Add All.
• Choose the starting and ending dates and times of the activity you want to view.
• (Optional) To write the analysis results to a database other than the Log Analysis database, click Results Database and specify a different database. Then click OK.

Viewing the data in the Log Analysis database
• If the Log Analysis database is not already open, do the following:
  - On your local computer, choose File - Database - Open.
  - Select the Log Analysis database, and then click Open. (By default, the database title is “Log Analysis” and the file name is LOGA4.NSF.)
• In the Task pane, expand Server Activity, and then click the view for the type of activity you want to view.
• (Optional) In the Results pane, double-click the record you want to view.

Test Case – Track the IP Address of mail
• In the example below, we capture the IP address of the sender machine from which the email was generated.
• Perform the Activity analysis for the date on which you want to track the email.
• Click on Mail → Deposited (the sender is “Test User21/Training”, who has sent the email to “Test User22/Training”).
• Locate the email, as we need the Session ID to get the IP address.

Test Case – Track the IP Address of mail (cont')
You can also verify the Message ID from the console.log to confirm that it is the same email.
Once you have the Session ID, click on Notes → Session and search for the document with that Session ID.
It will return the result if the document is found.

Test Case – Track the IP Address of mail (cont')
• The Client Address field gives the IP address of the machine from which the email was generated. The record also gives some additional information, such as which database was used to send the email, bytes transferred, etc.

Test Case – Track the IP Address of database
• In an organization, generic IDs may be configured on multiple machines, and we may want to track from which IP addresses a particular database has been accessed, whether through its own ID file or through access delegation.
• The basic purpose is to capture all the IP addresses from which a particular database has been accessed.
• Run the Activity Analysis for the date you want to capture.
• From the Activity Analysis result database, go to Notes → Database.

Test Case – Track the IP Address of database (cont')
Capture the Session ID.
Go to Notes → Session. Search for the document using the Session ID.

Test Case – Track the IP Address of database (cont')
• The Client Address field gives the IP address of the machine from which the database was accessed.
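Both test cases above follow the same lookup: take the Session ID from a Mail or Notes Database record and find the Notes Session record that carries the Client Address. The following added example (not part of the original slides) performs that join over constructed rows; the dictionary field names, message ID, session IDs, database paths and addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows standing in for the Mail → Deposited,
# Notes → Session and Notes → Database views of the Log Analysis database.
MAIL_DEPOSITED = [
    {"message_id": "MSG-0001", "session_id": "0001A2F4",
     "originator": "Test User21/Training", "recipient": "Test User22/Training"},
]
NOTES_SESSION = [
    {"session_id": "0001A2F4", "user": "Test User21/Training",
     "client_address": "192.0.2.21"},
    {"session_id": "0001A2F9", "user": "Generic ID/Training",
     "client_address": "192.0.2.40"},
    {"session_id": "0001A301", "user": "Generic ID/Training",
     "client_address": "198.51.100.7"},
]
NOTES_DATABASE = [
    {"database": "apps/orders.nsf", "session_id": "0001A2F9",
     "user": "Generic ID/Training"},
    {"database": "apps/orders.nsf", "session_id": "0001A301",
     "user": "Generic ID/Training"},
    # This session started outside the analysed date range: no session record.
    {"database": "apps/orders.nsf", "session_id": "0001A3AA",
     "user": "Test User22/Training"},
    {"database": "mail/tuser21.nsf", "session_id": "0001A2F4",
     "user": "Test User21/Training"},
]


def index_sessions(session_records):
    """Map Session ID to its session record (first record seen wins)."""
    index = {}
    for rec in session_records:
        index.setdefault(rec["session_id"], rec)
    return index


def client_address_for_message(message_id, mail_records, session_records):
    """Test case 1: Message ID -> Session ID -> Client Address."""
    sessions = index_sessions(session_records)
    for mail in mail_records:
        if mail["message_id"] == message_id:
            session = sessions.get(mail["session_id"])
            return {
                "originator": mail["originator"],
                "session_id": mail["session_id"],
                # None means the session record is not in the analysed range.
                "client_address": session["client_address"] if session else None,
            }
    return None  # message not present in the deposited-mail records


def addresses_for_database(database, db_records, session_records):
    """Test case 2: every Client Address a database was opened from, per user."""
    sessions = index_sessions(session_records)
    by_user = defaultdict(set)
    unresolved = []
    for rec in db_records:
        if rec["database"].lower() != database.lower():
            continue
        session = sessions.get(rec["session_id"])
        if session is None:
            unresolved.append(rec["session_id"])  # widen the date range for these
        else:
            by_user[rec["user"]].add(session["client_address"])
    return {user: sorted(addrs) for user, addrs in by_user.items()}, unresolved


def multi_address_users(by_user):
    """Users (for example generic IDs) seen from more than one address."""
    return sorted(user for user, addrs in by_user.items() if len(addrs) > 1)


if __name__ == "__main__":
    print(client_address_for_message("MSG-0001", MAIL_DEPOSITED, NOTES_SESSION))
    by_user, unresolved = addresses_for_database(
        "apps/orders.nsf", NOTES_DATABASE, NOTES_SESSION)
    print(by_user, unresolved, multi_address_users(by_user))
```

Session IDs that cannot be resolved are returned rather than dropped, since they indicate that the analysis date range needs to be widened before the list of addresses can be treated as complete.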
User Activity Logging for a Database
• By default, Domino logs user activity for a database in each database. However, user activity logging is a great tool for monitoring unauthorized access to certain data, so you should maintain it on vital application data.
• To access user activity logging, open the database properties, select the Information tab, and then click the "user detail" button.
Note: ODS 48 has an additional column for deletes.

Last Active Databases
• To find the last active databases, open Activity.nsf → Databases → Inactivity; it lists all the databases.

Troubleshooting
Since enabling Activity Logging and setting up Activity Trends, the size of your server's log.nsf is 3 to 4 times larger than before. How can you reduce the size of the log when activity trends are being collected?
The overall purge interval for log.nsf is determined by the third number in the notes.ini variable "log=log.nsf, 1, 0,7,40000". You can set a purge interval specifically for activity trends data by appending a number to the end of this value.
For example, if you want to purge activity trends documents that have not been modified for two days, you would set the variable to:
log=log.nsf, 1, 0,7,40000 ,2
Note: The activity trends purge value can be set to 1 through 6. The default purge for the overall log.nsf is 7 days.

Troubleshooting
After you enable Activity Logging and set up Activity Trends, your server's activity.nsf will grow in size. To control the size of activity.nsf, use the retention option.
By default, it stores the data for 10 days.
To customize the number of days, un-check the default option and set the days option.

Troubleshooting
Title: User activity logging is automatically reenabled after being disabled
Doc #: 1096282
URL: http://www.ibm.com/support/docview.wss?uid=swg21096282

Title: Examples of events that trigger Read/Write entries in the User Activity log for a database
Doc #: 1096117
URL: http://www.ibm.com/support/docview.wss?uid=swg21096117

Title: How to reduce log file size when activity trends are being collected
Doc #: 1230016
URL: http://www.ibm.com/support/docview.wss?uid=swg21230016

Title: STATLOG does not display all databases in Database Size view
Doc #: 1285394
URL: http://www.ibm.com/support/docview.wss?uid=swg21285394

References
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/activity-logging-and-activity-trends
Activity Logging
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_BILLING_OVERVIEW_7158_OVERVIEW.html
Activity Trends
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_TIVOLI_ACTIVITY_TRENDS_STEPS.html

Thank you
Q & A
Visit our Support Technical Exchange page or our Facebook page for details on future events.
To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/BdxqB2
IBM Collaboration Solutions Support page
http://www.facebook.com/IBMLotusSupport
ICS Support
http://twitter.com/IBM_ICSSupport

More Related Content

PDF
Important tips on Router and SMTP mail routing
POTX
IBM Domino / IBM Notes Performance Tuning
PDF
Understanding domino memory 2017
PPTX
HCL Domino V12 Key Security Features Overview
PDF
Domino Adminblast
PDF
RNUG - HCL Notes V11 Performance Boost
PDF
Auto Update(AUT) - HCL Notes
PDF
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Important tips on Router and SMTP mail routing
IBM Domino / IBM Notes Performance Tuning
Understanding domino memory 2017
HCL Domino V12 Key Security Features Overview
Domino Adminblast
RNUG - HCL Notes V11 Performance Boost
Auto Update(AUT) - HCL Notes
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server

What's hot (20)

PDF
IBM Notes Traveler Best Practices
PDF
Domino Server Health - Monitoring and Managing
PDF
HCL Domino V12 - TOTP
PDF
Open Mic "Notes Federated Login"
PDF
HCL Sametime V11 installation - tips
PPT
Configuring Domino To Be An Ldap Directory And To Use An Ldap Directory
PDF
An Introduction To The DMARC SMTP Validation Requirements
PDF
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
PDF
Users and groups in Linux
PDF
HCL Notes and Nomad Troubleshooting for Dummies
PPTX
Best Practice TLS for IBM Domino
PDF
60 Admin Tips
PDF
Learn everything about IBM iNotes Customization
PDF
Engage2022 - Domino Admin Tips
PDF
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
PPTX
Inform2015 - What's New in Domino 9 & 9.0.1 for Admins
PDF
HTTP - The Other Face Of Domino
PDF
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
PDF
Simplifying The S's: Single Sign-On, SPNEGO and SAML
ODP
IBM Notes Traveler Best Practices
Domino Server Health - Monitoring and Managing
HCL Domino V12 - TOTP
Open Mic "Notes Federated Login"
HCL Sametime V11 installation - tips
Configuring Domino To Be An Ldap Directory And To Use An Ldap Directory
An Introduction To The DMARC SMTP Validation Requirements
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
Users and groups in Linux
HCL Notes and Nomad Troubleshooting for Dummies
Best Practice TLS for IBM Domino
60 Admin Tips
Learn everything about IBM iNotes Customization
Engage2022 - Domino Admin Tips
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
Inform2015 - What's New in Domino 9 & 9.0.1 for Admins
HTTP - The Other Face Of Domino
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Ad

Similar to Open mic activity logging (20)

PDF
Admin Tech Clash: Discussing Best (and Worst) Administration Practices from ...
PDF
Admin Tech Clash: Discussing Best (and Worst) Administration Practices from ...
PDF
Migration from IBM Domino to IBM Verse
PPTX
Webinar: Migration from IBM Domino to IBM Verse
PDF
Logging Wars: A Cross-Product Tech Clash Between Experts
PDF
BP103 - Got Problems? Let's Do a Health Check
PDF
BP103: Got Problems ! Let's do a HealthCheck
PDF
Got Problems? Let's Do a Health Check
PDF
BP306 - Connecting the dots between Domino, Notes 9 and Connections
PDF
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
PDF
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
PDF
Preventing serversickness
PDF
BP302: Future Proofing Enterprise IT
PDF
Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x
PDF
ConnectED 2015 BP302: Future-Proofing Enterprise IT
PDF
Adm07 The Health Check Extravaganza for IBM Social and Collaboration Environm...
POTX
Next Generation Monitoring for IBM Domino, Traveler, IMSMO, Verse
PPT
SHOW104 - Buried treasure: Finding the Hidden Gold in Lotus Notes Data
PPT
Show104 buried treasure
PDF
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
Admin Tech Clash: Discussing Best (and Worst) Administration Practices from ...
Admin Tech Clash: Discussing Best (and Worst) Administration Practices from ...
Migration from IBM Domino to IBM Verse
Webinar: Migration from IBM Domino to IBM Verse
Logging Wars: A Cross-Product Tech Clash Between Experts
BP103 - Got Problems? Let's Do a Health Check
BP103: Got Problems ! Let's do a HealthCheck
Got Problems? Let's Do a Health Check
BP306 - Connecting the dots between Domino, Notes 9 and Connections
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
Preventing serversickness
BP302: Future Proofing Enterprise IT
Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x
ConnectED 2015 BP302: Future-Proofing Enterprise IT
Adm07 The Health Check Extravaganza for IBM Social and Collaboration Environm...
Next Generation Monitoring for IBM Domino, Traveler, IMSMO, Verse
SHOW104 - Buried treasure: Finding the Hidden Gold in Lotus Notes Data
Show104 buried treasure
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
Ad

More from Ranjit Rai (12)

PDF
IBM Connection Adoption
PDF
Tip and tricks for IBM Notes Mail - JUMP Session
PDF
Open mic user management_20_april2017
PDF
Open MIc - Best Practices SCN Migration
PDF
Open micictdi
PDF
Open mic IBM Sametime 9 limited use server
PDF
Features of SmartCloud Notes in Hosted and Hybrid Environments
PDF
Open mic on_ibm lotus protector for mail security_23_april2015
PDF
Upgrade to domino 9.0.1
PDF
Openmiconwhatsnewindomino9socialedition 130411102852-phpapp01
ODP
What's new in ibm i notes 9.0
PDF
I notes and sametime integration open mic_2013
IBM Connection Adoption
Tip and tricks for IBM Notes Mail - JUMP Session
Open mic user management_20_april2017
Open MIc - Best Practices SCN Migration
Open micictdi
Open mic IBM Sametime 9 limited use server
Features of SmartCloud Notes in Hosted and Hybrid Environments
Open mic on_ibm lotus protector for mail security_23_april2015
Upgrade to domino 9.0.1
Openmiconwhatsnewindomino9socialedition 130411102852-phpapp01
What's new in ibm i notes 9.0
I notes and sametime integration open mic_2013

Recently uploaded (20)

PDF
KodekX | Application Modernization Development
PDF
Approach and Philosophy of On baking technology
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
NewMind AI Monthly Chronicles - July 2025
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PDF
Modernizing your data center with Dell and AMD
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Empathic Computing: Creating Shared Understanding
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PDF
Machine learning based COVID-19 study performance prediction
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
KodekX | Application Modernization Development
Approach and Philosophy of On baking technology
The Rise and Fall of 3GPP – Time for a Sabbatical?
Digital-Transformation-Roadmap-for-Companies.pptx
Network Security Unit 5.pdf for BCA BBA.
NewMind AI Monthly Chronicles - July 2025
Dropbox Q2 2025 Financial Results & Investor Presentation
“AI and Expert System Decision Support & Business Intelligence Systems”
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Mobile App Security Testing_ A Comprehensive Guide.pdf
Per capita expenditure prediction using model stacking based on satellite ima...
Building Integrated photovoltaic BIPV_UPV.pdf
Modernizing your data center with Dell and AMD
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Empathic Computing: Creating Shared Understanding
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Machine learning based COVID-19 study performance prediction
Advanced methodologies resolving dimensionality complications for autism neur...

Open mic activity logging

  • 1. Exploring IBM Notes/Domino Activity Logging and Activity Trends Open Mic Javed Batliwala Staff Software Engineer Naresh Luthra Staff Software Engineer IBM Collaboration Solutions Powered by IBM SmartCloud Meetings © 2014 IBM Corporation
  • 2. About Us Staff Software Engineer, IBM Notes / Domino javed.batliwala@in.ibm.com Staff Software Engineer, Smart Cloud naresh.luthra@in.ibm.com Ranjit Rai – Lotus Technical Advisor Focussing on Entire Notes Domino Hansraj Mali – Lotus Technical Advisor Focussing on Entire Notes Domino Jayaval Rajendran – Lotus Technical Advisor Focussing on Entire Notes Domino Vinayak Tavargeri- Support Manager – Facilitator for AP Open Mics vtavargeri@in.ibm.com 2 © 2014 IBM Corporation
  • 3. Abstract  IBM Domino Server is having an exceptional functionality and features which fit perfectly for customers and their business needs. While working in professional environment, one cannot forget or compromise in security.  Domino Server is very robust and having very high level of security. It captures different types of logs if it has been configured properly. In day to day activities, administrators may find it difficult to extract the information like IP Addrress of system from which the particular Notes database or mail file was accessed or internal mail routing session/IP details or unused mail databases etc. So let's come together for the session on Activity Logging and Activity Trends. What are the best practices for using Activity Logging and Trends ?  When to use them and when not ? What information you will find in them ? Should I enable on all servers or only one server ? We will provide answers to all those queries.  In this session its our sincere effort to enable our end customers to be more effective and confident in managing and securing their Notes/Domino environment. 3 © 2014 IBM Corporation
  • 4. Agenda  Activity Logging and Activity Trends  How to configure Activity Logging  Working with Activity Trends  Analyzing Activity Logging Data  User Activity Logging for a Database  Test Cases a) Mail b) Notes DB c) Notes session  Troubleshooting  References  Q&A 4 © 2014 IBM Corporation
  • 5. Activity Logging  Server tasks provide enhanced activity data  Activity data stream written to the server log (log.nsf)  Controlled via server configuration document  API provided to access the activity data stream 5 © 2014 IBM Corporation
  • 6. How to configure Activity Logging How to check if Activity Logging feature is Enabled / Disabled:  Type the console command “show server” on Domino console from the output it will show if Activity Logging feature is Enabled / Not Enabled. You configure activity logging by editing the Configurations Settings document.  From the Domino Administrator, click the Configuration tab.  In the Task pane, expand Server and click Configurations.  In the Results pane, select the Configuration Settings document you want, and click Edit Configuration. 6 © 2014 IBM Corporation
  • 7. How to configure Activity Logging (cont')  On the Configuration Settings document, click the Activity Logging tab.  Select “Activity logging is enabled.”  In the “Enabled logging types” field, select the types of activity you want to log.  (Optional) To increase or decrease the frequency of creating Checkpoint records, change the checkpoint interval.  (Optional) To automatically create Notes session and Notes database  Checkpoint records every day at midnight, select Log checkpoint at midnight.  (Optional) To automatically create Notes session and Notes database Checkpoint records every day at the beginning and end of a specific time period, select “Log checkpoints for prime shift” and then specify the times for the Prime shift interval  Click Save & Close.  (Optional) If you are logging activity for LDAP Add and Modify operations and want to change the amount of information logged in the Attributes field from the default of 4096 bytes, follow the steps in the topic “Limiting the amount of attribute information logged for LDAP Add and LDAP Modify activity.” 7 © 2014 IBM Corporation
  • 8. How to configure Activity Logging (cont') 8 © 2014 IBM Corporation
  • 9. Checkpoint  The records in the log file keep track of all activity generated. Domino creates different types of records for each type of activity. For some types of activity, Domino creates multiple records during a session; for other types of activity, Domino creates a single record.  For types of activity that could require long sessions to complete, Domino generates an Open or Authorization record when a session begins. This record indicates that a session is open and shows the time at which the session began. During the session, Domino generates Checkpoint records, which log all activity that has occurred so far during the session  Domino creates Checkpoint records for the following types of activity: IMAP, Notes session, Notes database, Notes passthru, POP3, and SMTP.  Checkpoint records are cumulative; each one contains all of the activity that was logged to that point during the open session. By default, Domino creates a Checkpoint record the first time there is activity after a 15 minute waiting period. 9 © 2014 IBM Corporation
  • 10. Activity logging records Activity type What this logs Agent  Domino server-based agent that run successfully. 10 © 2014 IBM Corporation  Record the name of the agent ,  The name of the database that contains the agent  The amount of time it took to run the agent  Name of the person who last saved the agent Note : The record does not show the types of activities the agent perform , Agent which run on web server HTTP  Name of the Web server  Name of the user accessing the Web Server  The URL the user Clicked  The Number of bytes returned  Time to process the request  Http status code IMAP  Tracks IMAP session activity such as user name , server name , the IP address , number of bytes the client sent and read from the server and the duration of session  Type of records for IMAP Sessions  Authorization records  Checkpoints record  Closed record
  • 11. Activity logging records (cont') Activity type What this logs LDAP  Records information about every LDAP request 11 © 2014 IBM Corporation  Each LDAP request has different structure , generate a different activity logging record for each type Type of requests are Abandon , Add , Bind, Compare, Delete, Modify, Extended, ModifyDN, Search, Unbind Mail  Tracks mail that is sent from and received by a server  Records name of the server that created the record , originator and recipient of the message , message ID , preceding and the next hope on the delivery route and size of the message Type of activity records are Deposit , delivery, delivery failure Transfer , Transfer failure Notes Database  Tracks notes database activity that occur during the server session  Name of the Database , name and address of the database user , number of document read and written , the number of bytes read and written , total number of transactions executed in the database , length of time Db was opened Type of records are Open records , Checkpoints records , Close records , ClosedEnd record , mailDepoist records
  • 12. The information in the log file (cont')
      Activity type: What this logs
      Notes Passthru
        - Tracks activity that is generated by a client or a server through a passthru connection.
        - Information such as the number of bytes sent and received, the number of documents read and written, the number of transactions executed, and the duration of the passthru session.
        - Types of activity records: Open records, Checkpoint records and Close records.
      Notes Session
        - Tracks network traffic that occurs during a server session with a Notes client or with another Domino server acting as a client.
        - Records include such information as the name and network address of the session user, the number of documents read and written, the number of bytes read and written, the total number of transactions executed during the session, and the duration of the session.
        - Servers, users, and API programs can all generate session activity.
  • 13. Activity logging records (cont')
      Activity type: What this logs
      POP3
        - The name of the user
        - The IP address of the client
        - The number of bytes the client sends to and reads from the server
        - The number of messages sent to the client
        - The number of messages deleted from the client, and the duration of the session
        - Types of records: Authorization records, Checkpoint records, Close records.
      Replica
        - The names of the source and destination servers
        - The replica ID of the database
        - The number of bytes replicated in each direction
      SMTP
        - Records information such as the IP address of the connected client
        - The number of messages the client sends to the server
        - The number of bytes the client sends to and receives from the server
        - The number of recipients to whom messages are sent
        - The duration of the session
  • 14. Activity Trends
      - Core Domino functionality
      - Trend user activity
          - Identity (person or DB)
          - Database
          - Access protocol
      - Statistics for
          - Current observation
          - Historical trends
          - Load on server
      - Store it in Activity.nsf
      [Figure: Data Flow]
  • 15. Working with Activity Trends
  • 16. Working with Activity Trends
  • 17. Working with Activity Trends
  • 18. Working with Activity Trends
  • 19. Resource Balancing
  • 20. Running activity analysis
      - In the Domino Administrator, make the server on which you want to run activity analysis current.
      - Click the Server - Analysis tab.
      - In the Tools pane, expand Analyze, and then click Activity.
  • 21. Running activity analysis (cont')
      - Do one of the following to select the types of activity you want to log:
          - To log all the types of activity, skip this step. By default, all activity types are selected.
          - To deselect a type of activity to log, click the activity type in the “Selected types of activity” pane, and then click Remove. To deselect all the types of activity, click Remove All.
          - To select a type of activity to log, click the activity type in the “Select server activity types to search for” pane, and then click Add. To add all the types of activity, click Add All.
      - Choose the starting and ending dates and times of the activity you want to view.
      - (Optional) To write the analysis results to a database other than the Log Analysis database, click Results Database and specify a different database. Then click OK.
  • 22. Viewing the data in the Log Analysis database
      - If the Log Analysis database is not already open, do the following:
          - On your local computer, choose File - Database - Open.
          - Select the Log Analysis database, and then click Open. (By default, the database title is “Log Analysis” and the file name is LOGA4.NSF.)
      - In the Task pane, expand Server Activity, and then click the view for the type of activity you want to view.
      - (Optional) In the Results pane, double-click the record you want to view.
  • 23. Test Case – Track the IP Address of mail
      - In the example below, we capture the IP address of the sender's machine from which the email was generated.
      - Perform the Activity analysis for the date on which you want to track the email.
      - Click on Mail → Deposited (the sender is “Test User21/Training”, who has sent the email to “Test User22/Training”).
      - Locate the email, as we need its Session ID to get the IP address.
  • 24. Test Case – Track the IP Address of mail (cont')
      - You can also verify the Message ID against console.log to confirm that it is the same email.
      - Once you have the Session ID, click on Notes → Session and search for the document with that Session ID. The search returns the document if it is found.
  • 25. Test Case – Track the IP Address of mail (cont')
      - The Client Address field gives the IP address of the machine from which the email was generated. The document also gives some additional information, such as which database was used to send the email, bytes transferred, etc.
  • 26. Test Case – Track the IP Address of database
      - In an organization, generic IDs may be configured on multiple machines, and we may want to track from which IP addresses a particular database has been accessed, whether through its own ID file or through access delegation.
      - The basic purpose is to capture all the IP addresses from which a particular database has been accessed.
      - Run the Activity Analysis for the date you want to capture.
      - From the Activity Analysis result database, go to Notes → Database.
  • 27. Test Case – Track the IP Address of database (cont')
      - Capture the Session ID.
      - Go to Notes → Session.
      - Search for the document using the Session ID.
  • 28. Test Case – Track the IP Address of database (cont')
      - The Client Address field gives the IP address of the machine from which the database was accessed.
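The lookup used in both test cases (mail, slides 23 to 25, and database, slides 26 to 28) is a join on Session ID. The following added example (not part of the original slides) performs that join over constructed rows standing in for documents exported from the Log Analysis database; the dictionary keys, database paths, the generic ID, the message IDs and the addresses are assumptions.

```python
# Constructed rows; the keys are assumed names, not Domino field names.
MAIL_DEPOSITED = [
    {"message_id": "MSG-0001", "originator": "Test User21/Training",
     "recipient": "Test User22/Training", "session_id": "A1"},
    {"message_id": "MSG-0002", "originator": "Test User22/Training",
     "recipient": "Test User21/Training", "session_id": "ZZ"},  # session outside range
]
NOTES_DATABASE = [
    {"database": "mail/shared.nsf", "user": "Generic ID/Training", "session_id": "B1"},
    {"database": "mail/shared.nsf", "user": "Generic ID/Training", "session_id": "B2"},
    {"database": "mail/shared.nsf", "user": "Test User21/Training", "session_id": "A1"},
    {"database": "apps/hr.nsf", "user": "Generic ID/Training", "session_id": "B1"},
]
NOTES_SESSION = [
    {"session_id": "A1", "user": "Test User21/Training", "client_address": "192.0.2.21"},
    {"session_id": "B1", "user": "Generic ID/Training", "client_address": "192.0.2.40"},
    {"session_id": "B2", "user": "Generic ID/Training", "client_address": "198.51.100.7"},
]

def index_sessions(sessions):
    """Map Session ID -> Notes Session record for constant-time lookup."""
    return {s["session_id"]: s for s in sessions}

def sender_address(message_id, deposited, sessions):
    """Mail Deposited record -> Session ID -> Notes Session -> Client Address."""
    idx = index_sessions(sessions)
    for rec in deposited:
        if rec["message_id"] == message_id:
            sess = idx.get(rec["session_id"])
            return sess["client_address"] if sess else None
    return None  # message not in the analysed range

def database_addresses(database, db_records, sessions):
    """All (user, client address) pairs for one database, plus unmatched Session IDs."""
    idx = index_sessions(sessions)
    seen, unmatched = set(), set()
    for rec in db_records:
        if rec["database"] != database:
            continue
        sess = idx.get(rec["session_id"])
        if sess:
            seen.add((rec["user"], sess["client_address"]))
        else:
            unmatched.add(rec["session_id"])
    return sorted(seen), sorted(unmatched)

if __name__ == "__main__":
    print(sender_address("MSG-0001", MAIL_DEPOSITED, NOTES_SESSION))
    print(database_addresses("mail/shared.nsf", NOTES_DATABASE, NOTES_SESSION))
```

A Session ID with no matching Notes Session document usually means the session falls outside the date range chosen for the analysis, so widen the range before concluding the record is missing.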
  • 29. User Activity Logging for a Database
      - By default Domino logs user activity for a database in each database. However, user activity logging is a great tool for monitoring unauthorized access to certain data, so you should maintain it on vital application data.
      - To access user activity logging, open the database properties, select the Information tab and then click the "User Detail" button.
      - Note: ODS 48 has an additional column of deletes.
  • 30. Last Active Databases
      - To find the last active databases, open Activity.nsf → Databases → Inactivity; it lists all the databases.
  • 31. Troubleshooting
      Since enabling Activity Logging and setting up Activity Trends, the size of your server's log.nsf is 3 to 4 times larger than before. How can you reduce the size of the log when activity trends are being collected?
      The overall purge interval for log.nsf is determined by the third number in the notes.ini variable:
          log=log.nsf, 1, 0,7,40000
      You can set a purge interval specifically for activity trends data by appending a number to the end of this value. For example, if you want to purge activity trends documents not modified after two days, you would set the variable to:
          log=log.nsf, 1, 0,7,40000 ,2
      Note: The activity trends purge value can be set to 1 through 6. The default purge for the overall log.nsf is 7 days.
  • 32. Troubleshooting
      Since enabling Activity Logging and setting up Activity Trends, the size of your server's activity.nsf will also grow. To control the size of activity.nsf, use the retention option. By default it stores the data for 10 days. To customize this, un-check the default option and set the number of days.
  • 33. Troubleshooting
      - Title: User activity logging is automatically reenabled after being disabled
        Doc #: 1096282
        URL: http://www.ibm.com/support/docview.wss?uid=swg21096282
      - Title: Examples of events that trigger Read/Write entries in the User Activity log for a database
        Doc #: 1096117
        URL: http://www.ibm.com/support/docview.wss?uid=swg21096117
      - Title: How to reduce log file size when activity trends are being collected
        Doc #: 1230016
        URL: http://www.ibm.com/support/docview.wss?uid=swg21230016
      - Title: STATLOG does not display all databases in Database Size view
        Doc #: 1285394
        URL: http://www.ibm.com/support/docview.wss?uid=swg21285394
  • 34. References
      - http://www-10.lotus.com/ldd/dominowiki.nsf/dx/activity-logging-and-activity-trends
      - Activity Logging: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_BILLING_OVERVIEW_7158_OVERVIEW.html
      - Activity Trends: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_TIVOLI_ACTIVITY_TRENDS_STEPS.html
  • 35. Thank you. Q & A
      - Visit our Support Technical Exchange page or our Facebook page for details on future events.
      - To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/BdxqB2
      - IBM Collaboration Solutions Support page: http://www.facebook.com/IBMLotusSupport
      - ICS Support: http://twitter.com/IBM_ICSSupport