Open mic smart cloudjournaling
Transcript of Open mic smart cloudjournaling
IBM Corporation ©20152
Open Mic Team
Murali Boddeda Presenter
Ranjit Rai - IBM ICS SWAT
J Rajendran -IBM ICS SWAT
Narendra Nesarikar IBM ICS Support Facilitator for Open Mics
IBM Corporation ©2015
Agenda● What is journaling works
What is SmartCloud Journaling
How does SmartCloud Journaling works
How to set up SmartCloud Journaling
How to download logs from service
What type of logs available in service end
How to analyze the logs
Issues observed
Questions
3
IBM Corporation ©20154
What is SmartCloud Journaling SmartCloud Journaling is a feature which logs below activities in smart cloud
Notes mail delivery, which records each email message that service users send.
Notes client session, which records each attempt to log in to the service from a Notes client to access an application such as mail or the company directory.
Administration activity, which records SmartCloud Notes administration actions.
SmartCloud Connections activities like Files, Meetings, Communities and Sametime
We can use third party FTP clients like Filezilla to connect to the service and download the logs
IBM Corporation ©20155
How does SmartCloud journaling works
The journal is a record of the user activity on your company account. It includes date, time, and user information about events such as logon attempts, password changes, and start times of online meetings.
Approximately every 24 hours, the journal service produces several journal files, one for each component of IBM Connections™ Cloud.
Each file is compressed using gzip and then made available via FTPS on the Connections Cloud integration and migration site. After seven days on the site, the files are removed.
Each compressed file contains a plain text file that is in a human-readable format. The format is consistent and regular so that the text files can be programmatically parsed.
IBM Corporation ©20156
Components of SmartCloud Journaling
.
Component Description
journal service The system that assembles the journals into files, compresses them, and makes them available on the integration and migration site.
journal The journal is a record of events. It is contained in one or more journal files.
journal file A plain text file that contains the records of the events that users performed.
record A complete entry in the journal file. It contains the date, time, and other details about an event.
component A service or feature in Connections Cloud. For example, Files is a component, and Activities is a component.
event An action that a user performed on your company account, such as logging in, downloading a file, or changing a password.
FTPS A file transfer protocol that uses Transport Layer Security to provide secure communications on the Internet
gzip A file compression utility. Use gunzip to decompress the files.
UUID A universally unique identifier, in hexadecimal format
IBM Corporation ©20158
How to set up SmartCloud journaling(cont..)
Download a FTP client from third party website and install it.
Now based on the corresponding data centers you have to use below details to login to your account.
Host ftp.na.collabserv.com(If you belong US data center) ftp.ap.collabserv.com(If you belong Japan data center) ftp.ce.collabserv.com(If you belong to Europe data center)
Username- will be your email address which you have registered for journaling service Password Port no-990
IBM Corporation ©2015
Below is the journal directory Upon clicking journal directory the files can be listed out
10
How to set up SmartCloud journaling(Cont..)
IBM Corporation ©201511
How to download logs from service You can find the list of files which can be
downloaded.
The logs will be stored in respective location and you can extract them and analyze the logs
IBM Corporation ©201512
What type of logs available in service Files
Forums
Notes_NRPC_Session Logs
Sametime
Wikis
Activities
Auth
Meetings
NotesMail
Administrative logs
IBM Corporation ©201513
How to analyze the logs Files
When ever a file is created , updated, deleted or any modification done you can find those entries here as shown in the logs.
EX:-
In the similar way below are the Events triggered and their meaning
COLLECTION_UPDATED The name or description of a folder has been updated. This event will also be received when a community changes its name (target is COMMUNITY)
COLLECTION_DELETED A folder is deleted. This event may be received when a community removes the Files widget (target is COMMUNITY)
IBM Corporation ©201514
How to analyze the logs (cont..) Forums
When ever a forum is created or any other user started following the forum which was created
In the similar way below the events triggered multiple activities.
UPDATE_FORUM Update Forum
DELETE_FORUM Delete Forum
MOVE_FORUM Move Forum
UPDATE_TOPIC Update a topic
IBM Corporation ©201515
How to analyze the logs(Cont..) Notes_NRPC_Session Logs
When smart cloud user logs in to any machine using Notes client we can find the user name and exact time
Above logs contains Number of databases accessed
Number of documents that are read and written
Length of time connected to the service, in seconds
The client versions being used
IBM Corporation ©201516
How to analyze the logs(Cont..) Sametime
If end user logs in to sametime then those events will be captured as below
In the similar way below are the other events triggered and captured in the logs
CHAT_INITIATION Initiate a chat session
LOGOUT Logout
FILE_TRANSFER_EVENT Transfer a file
IBM Corporation ©201517
How to analyze the logs(Cont..)Wikis
If a wiki is created or updated we can see the entries as below
In the similar way below are the other activities captured while end user working with wikis
DELETE_WIKI A wiki was deleted
CREATE_WIKI_PAGE A wiki page was created
UPDATE_WIKI_PAGE_COMMENT A comment was updated
REMOVE_WIKI_PAGE_COMMENT A comment was removed from a wiki page
ADD_WIKI_PAGE_ATTACHMENT An attachment was added to a wiki page
IBM Corporation ©201518
How to analyze the logs(Cont..) Auth
The journaling log for authentication contains records of login attempts and password changes.
Similar way below are the other events triggered during authenticationLOGIN_APP_PASSWORD The password of an application that uses the
basic login (for example, Lotus Notes Traveler)
LOGIN_SSOFederated authentication
LOGOUT User selects Logout
PASSWORD_CHANGE Expired password change
IBM Corporation ©201519
How to analyze the logs(Cont..) Notes Mail
When SmartCloud users send and receive email we can find the logs as below
In the similar way below are the logs captured while services send and receive emails
RECEIVE_MAIL Email has been received to the service user
FAILURE "USER_NOT_FOUND". User name is not found in the directory and the message is not delivered
IBM Corporation ©201520
How to analyze the logs(Cont..) Administrative logs
When SmartCloud Administrator perform any operation in the service those events will be captured as below
In the similar way below are the logs captured
SET_DIRSYNC_SERVERS Set directory synchronization server in a hybrid environment. (Account Settings > Directory Sync Server)
SET_PASSTHRU_CONFIG Set passthru server in a hybrid environment. (Account Settings > Passthru Server )
IBM Corporation ©201521
Issues observed
Issue 1:
Administrators are able to login in the Filezilla client and able to access the root directory but could not find any logs in their account
If administrator subscribed the same account for integration server enablement like MOM tool or LLIS tool then the journaling subscription will be disabled automatically at back end So end user will be able to login to this account but cannot access the logsNow admin can request support by sending email to [email protected] and request them to enable journaling subscription to different administratorOur CSG will enable the journaling subscription from back end then end user can download the logs with out any issue
IBM Corporation ©201522
Issues ObservedIssue 2:
Administrator downloaded the respective logs to check a certain activity of the end users but he could not find those activities in the journaling logs
As suggested earlier journaling logs will hold only last 7 days logs hence you need to make sure whether the activity which you are referring is coming with in that limit of 7 daysIf the same issue occurred with in the time range of the logs but administrator could not find that entry in the logs then admin can note down the exact date and time including timezone and notify support about the activity so that we can track the logs at back end and get back to customer
IBM Corporation ©201523
Issues ObservedIssue 3:
Administrator Unable to connect to FTP client due to firewall issue and while connecting he is getting error messages as shown below
Customer need to make sure that they have open below listed Port 990 (60000-61000)/ FTP PASV (FTP) in/out in their firewall.
Also customer have to make sure they have updated the Firewall with the IP ranges provided by IBM
IBM Corporation ©2015
Questions? Visit our Support Technical Exchange page or our Facebook page for
details on future events.
To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/BdxqB2
26
IBM Collaboration Solutions Support page http://www.facebook.com/IBMLotusSupport
IBM Collaboration Solutions Supporthttp://twitter.com/IBM_ICSSupport
26