Managing DirX Audit Server

This chapter provides information on how to manage the DirX Audit Server. It consists of the following sections:

  • About the DirX Audit Server Components

  • Running the DirX Audit Server Service

About the DirX Audit Server Components

DirX Audit Server (also called the Server) hosts the following component types:

  • Collectors to collect audit messages from audit sources.

  • Transformers to transform audit messages from their original data format to audit messages in the DirX Audit format.

  • A digest producer to generate audit events by calculating the digest fields for operation, type and detail.

  • A tag producer to generate message and event tags for each audit message and its audit events.

  • A Persistence Service Unit to write audit messages including audit events and tags into the relational database.

  • An error-handling unit to manage errors in collected audit messages.

  • A scheduler to run scheduled reports, context records calculation, history DB update, and fact population on a regular basis.

  • A scheduler to run purge jobs for history entries or audit messages.

  • A scheduler to run history synchronization and other jobs on a regular basis.

A separate instance of DirX Audit Server is used for every tenant starting with version 7.2.

The following figure illustrates the DirX Audit Server components.

DirX Audit Server Components
Figure 1. DirX Audit Server Components

The collectors read audit messages from their specific audit source and pass them to the appropriate transformer. The transformed messages are then passed to the persistence unit, which adds them to the DirX Audit Database and creates the audit events and tags for each message. Messages that cannot be transformed or stored are passed to the error-handling unit, which stores the failed messages into files. These components are deployed in the form of Apache Camel components and routes.

For more details on these components and their configuration, see the chapters in this guide on database connectivity, collectors, digest and tag producers, fact population and error handling.

Running the DirX Audit Server Service

The DirX Audit Server is based on the Spring Boot technology. A separate instance of DirX Audit Server is used for every tenant starting with version 7.2.

To start and stop DirX Audit Server for a specific tenant, use the DirX Audit Server tenant_name (dirx-audit-server-tenantID on UNIX) service.

Also note that the server will immediately implement any changes in deployed packages and routes in the install_path/server_container/tenants/tenantID/deploy folder (for example, changes of the routes scheduler or deployed collectors) while changes in the server configuration (taken from install_path/conf/tenants/tenantID/configuration.cfg) will be implemented only after DirX Audit Server for a specific tenant is restarted.

The server also uses the JDBC driver file located in the install_path/lib folder. Microsoft JDBC Driver for SQL Server is provided with the standard DirX Audit installation. If you want to connect an Oracle Database, the Oracle JDBC driver should be placed in the install_path/lib folder for both the DirX Audit Server and the DirX Audit Manager. See the section "Oracle Database JDBC Driver Installation" in "Installation Configurations" in the DirX Audit Installation Guide for instructions on how to install it.

See the DirX Audit Release Notes for more information about supported drivers.

Also see the sections "Server Scheduled Jobs" and "Application Container Configuration" in "Configuring DirX Audit" in the DirX Audit Installation Guide for further configuration details.