This section describes how to change the settings for the task to store data such as log and user information transferred from the Management Server to the Log Analyzer Server database.
It is recommended that logs be stored in the database every day, and the example below assumes that they are.
Once data is imported into the Log Analyzer Server, the imported logs are aggregated at the same time as the log data is imported, and the aggregation result is updated.
At this time, the difference between the aggregation results before and after the data import will be output as a log.
Log output destination
logAnalyzerServerInstallFolder\bin\batchnavi\update0.log
If the file size exceeds 10 MB, update0.log is renamed as update1.log, and update0.log is created. Up to update4.log will be created sequentially. The latest information will always be recorded in update0.log.
Log text output
--------------------------------------------------------------------------------------
Output update information of aggregation at 2015/05/13 10:00:39
Start
20150513 OperationDay20150512 InformationDisclosure(0,0,0,0,0,0,0) TerminalUsing(13,0,64) ViolationOperation(0,0,0,0,0) PrintVolumeMonitoring(0)
End
--------------------------------------------------------------------------------------
In the example above, the number of logs operated on April 8, 2013 and April 9, 2013 has been updated as a result of aggregating the data imported on April 21, 2013, and the number of differences updated is displayed in parentheses.
The numbers in parentheses are differences in each log as shown below:
InformationDisclosure (file export, file operation, print operation(times), print operation(pages), e-mail sending by recipient)
TerminalUsing (window title with URL obtained, e-mail sending by recipient, application startup)
Violation (application startup prohibition, print prohibition, logon prohibition, PrintScreen key prohibition, e-mail attachment prohibition)
PrintVolumeMonitoring (number of printing operations)
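The difference lines can be read by script to see which operation days an import changed. The following is an added example, not part of the product or its documentation; the function name ConvertFrom-UpdateLogLine is hypothetical, and the second data line in the sample is constructed.

```powershell
# Added example, not vendor code: parse the difference lines written to update0.log.
function ConvertFrom-UpdateLogLine {
    param([string] $Line)

    # Line shape, from the sample above: <importDate> OperationDay<date> Category(n,n,...) ...
    if ($Line -notmatch '^(?<import>\d{8})\s+OperationDay(?<op>\d{8})\s+(?<rest>.+)$') {
        return   # separators, "Start", "End" and the timestamp header are skipped
    }
    $culture = [cultureinfo]::InvariantCulture
    $record = [ordered]@{
        ImportDate   = [datetime]::ParseExact($Matches['import'], 'yyyyMMdd', $culture)
        OperationDay = [datetime]::ParseExact($Matches['op'], 'yyyyMMdd', $culture)
    }
    $pattern = '(?<name>[A-Za-z]+)\((?<values>\d+(?:,\d+)*)\)'
    foreach ($m in [regex]::Matches($Matches['rest'], $pattern)) {
        # The number of counters per category is not assumed; keep whatever the line carries.
        $record[$m.Groups['name'].Value] = [int[]]($m.Groups['values'].Value -split ',')
    }
    [pscustomobject]$record
}

# Sample input: the first data line is the one shown above, the second is constructed.
$sample = @(
    'Output update information of aggregation at 2015/05/13 10:00:39'
    'Start'
    '20150513 OperationDay20150512 InformationDisclosure(0,0,0,0,0,0,0) TerminalUsing(13,0,64) ViolationOperation(0,0,0,0,0) PrintVolumeMonitoring(0)'
    '20150513 OperationDay20150511 InformationDisclosure(2,0,0,0,0,0,0) TerminalUsing(5,0,9) ViolationOperation(0,1,0,0,0) PrintVolumeMonitoring(3)'
    'End'
)

# Per operation day: the raw disclosure differences and the total of the violation differences.
$sample | ForEach-Object { ConvertFrom-UpdateLogLine -Line $_ } |
    Select-Object @{ n = 'OperationDay'; e = { $_.OperationDay.ToString('yyyy-MM-dd') } },
                  @{ n = 'InformationDisclosure'; e = { $_.InformationDisclosure -join ',' } },
                  @{ n = 'ViolationDelta'; e = { ($_.ViolationOperation | Measure-Object -Sum).Sum } } |
    Format-Table -AutoSize
```

To read the real files, replace $sample with Get-Content on update0.log through update4.log in the log output destination folder.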
Logs are displayed in the report output using the Report Output Tool. Only InformationDisclosure is displayed in the Information Disclosure Prevention Diagnosis window in the web console.
It takes approximately 80 minutes to import approximately 10 million logs. The actual time taken will vary depending on factors such as CPU performance, PC memory and disk capacity, and operational status of other applications.
Note
To secure disk space, regularly back up CSV log files that are no longer required to external media
The CSV log files sent from the Management Server to the Log Analyzer Server will remain on the Log Analyzer Server disk even after they are stored in the Log Analyzer Server database.
If shared folders are depleted, log transfer from the Management Server or Master Management Server will fail. To avoid this, regularly check the space on shared folders and back up the logs already analyzed and aggregated before deleting them.
The shared folders on the Log Analyzer Server are typically structured as follows:
Note that logs that have not been analyzed or aggregated on the Log Analyzer Server cannot be backed up or deleted.
If the Transfer source log collection date folder contains the log transfer completion confirmation file (conv_end), it means that log analysis and aggregation have been completed for the folder, and it has been stored in the database on the Log Analyzer Server.
In the figure above, the shared folder can be backed up and deleted if the log transfer completion confirmation file (conv_end) exists in each Transfer source log collection date folder under each Transfer source Management Server folder under the Transfer command execution date folder. Back up and delete each Transfer command execution date folder.
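The conv_end check can be scripted so that a Transfer command execution date folder is only offered for backup and deletion once every folder beneath it has been imported. The following is an added example, not part of the product; it assumes the nesting described above (execution date, then Management Server, then log collection date), and the function name and the folder names in the constructed sample tree are hypothetical.

```powershell
# Added example, not vendor code. Assumed layout, taken from the description above:
#   <sharedFolder>\<executionDate>\<managementServer>\<collectionDate>\conv_end
function Get-ExecutionDateFolderStatus {
    param([Parameter(Mandatory)] [string] $SharedFolder)

    foreach ($execDir in Get-ChildItem -LiteralPath $SharedFolder -Directory) {
        # Collection-date folders sit two levels below the execution-date folder.
        $collectionDirs = @(
            Get-ChildItem -LiteralPath $execDir.FullName -Directory |
                ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Directory }
        )
        # A collection-date folder without conv_end has not been stored in the database yet.
        $pending = @(
            $collectionDirs | Where-Object {
                -not (Test-Path -LiteralPath (Join-Path $_.FullName 'conv_end') -PathType Leaf)
            }
        )
        [pscustomobject]@{
            ExecutionDateFolder = $execDir.Name
            CollectionFolders   = $collectionDirs.Count
            PendingFolders      = $pending.Count
            # A folder with no collection-date folders is reported as not ready,
            # because nothing shows that its contents were imported.
            SafeToArchive       = ($collectionDirs.Count -gt 0 -and $pending.Count -eq 0)
        }
    }
}

# Constructed sample tree (folder names are made up for the demonstration).
$demo    = Join-Path ([IO.Path]::GetTempPath()) ('la-demo-' + [guid]::NewGuid())
$done    = Join-Path $demo '20150513\MGMT01\20150512'
$partial = Join-Path $demo '20150514\MGMT01\20150513'
$waiting = Join-Path $demo '20150514\MGMT02\20150513'
$null = New-Item -ItemType Directory -Path $done, $partial, $waiting -Force
$null = New-Item -ItemType File -Path (Join-Path $done 'conv_end'), (Join-Path $partial 'conv_end')

Get-ExecutionDateFolderStatus -SharedFolder $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

The script only reports status; back up a folder marked SafeToArchive before deleting it, as described above.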
Follow the procedure below:
Settings
Select Task Scheduler on Windows.
The Task Scheduler window will be displayed.
From Task Scheduler Library, right-click DTK_DttoolEx, and then click Properties.
The Properties window will be displayed.
Click the General tab, set the information below, and then click OK.
In When running the task, use the following user account, click Change User or Group and specify a Log Analyzer user.
Select Run whether user is logged on or not.
Select Run with highest privileges.
Click the Triggers tab, and click Edit.
The Edit Trigger window will be displayed.
In Settings, set the information below, and then click OK.
Select Daily.
Set Start to a time after the task start time of the data transfer command, so that the task will be executed after the data transfer command is executed.
Select Repeat task every, and then select the interval and a value for for a duration of.
Click the Actions tab, and click Edit.
The Edit Action window will be displayed.
In Settings, set the following information and click OK.
Program/script: Specify the full path (enclosed in double quotation marks) of the DttoolEx.exe file:
"logAnalyzerServerInstallFolder\bin\dttool\DttoolEx.exe"
Add arguments (optional): Specify logTransferDestinationSharedFolderPath (enclosed in double quotation marks) in local path format, not in UNC format.
Start in (optional): Specify the full path of the folder in which DttoolEx.exe specified in Program/script is stored. Do not enclose the value in double quotation marks.
Click OK in the Properties window.
Information
Data can also be imported manually.
In the command prompt window on the Log Analyzer Server, navigate to the folder in which the tool is stored, under the folder in which the Log Analyzer Server is installed:
cd logAnalyzerServerInstallFolder\bin\dttool
Execute the following command to add the data to the Log Analyzer Server database.
DttoolEx.exe -f logTransferDestinationSharedFolderPath