History of Changes

Each report template includes a username to indicate who executed the report. With restricted auditors, different data can be presented in the same report created at the same time.

Full reports can be exported directly from DirX Audit Manager.

DirX Audit Server system service can be configured as Disabled in Windows Server.

Existing pid files are cleaned up in Linux at the system service start up.

Upgraded DirX Audit Message Broker (Apache ActiveMQ 5.17.0).

DirX Audit Message Broker system service can be configured as Disabled in Windows Server.

Existing pid files are cleaned up in Linux at the system service start up.

Improved performance when calculating time series.

No main feature of this version.

Logging based on Java Util Logging instead of Apache Log4j 1.

No main feature of this version.

No main feature of this version.

Logging updated to Apache Log4j 2.

As dxrUID attribute value could be accidently modified in DirX Identity, the attribute values are synchronized in the same way as other attributes.

No new user documentation.

Incorrect data in the Entry changes report.

The Users tab is missing in the History view for the Certification campaign entry type. Web page refresh is required.

The navigation from drill-down view in the Dashboard to the History entry view does not work correctly in certain cases. Wrong data is presented.

Special characters in dashboard component name.

Web Manager is not working without history license.

Exception when DEBUG logging is enabled.

Exception when DEBUG logging is enabled.

Vulnerability in Apache Log4j 2 library.

No major bug fixes in this version.

The index entry for the index 'UK_HST_SMAIT_EAVVFAN' exceeds the maximum length of 1700 bytes for nonclustered indexes.

New options for the dxthistdbtool: Purge function was improved and extended. Export function (into zipped JSON files) was added. User Interface Guide was updated.

The new tool removeDuplicates finishes History Entries with duplicate dirxEntryUUID values.

No major bug fixes in this version.

No major bug fixes in this version.

HistDB workflows stops after SQL exception.

Ability to search according to a selected attribute value in the History view search page.

Improved presentation of modifications recorded with an audit event.

Improved presentation of a reason in the History view when showing approval workflow activity.

New reports presenting risk values calculated in DirX Identity.

New reports on important monitoring data.

Improved performance of several features.

Improved logging to better support application administration.

Improved performance of account to group membership calculation.

Improved logging to better support application administration.

All passwords are saved in encrypted form.

Upgraded DirX Audit Message Broker (Apache ActiveMQ 5.16.2).

All passwords are saved in encrypted form.

Extended size of several table columns to store values up to 850 characters, mainly in case of distinguished names (DNs).

Purge tool can export history entries.

New tool to finish duplicate history entries and keep only the latest one.

No main feature of this version.

Purge tool execution can be scheduled in the Configuration Wizard.

Context calculation can be scheduled in the Configuration Wizard.

The workflow Ident_HistDB_Fill_Entry_UUID can be started multiple times in the so-called dbSingleEntry mode to fill the attribute dirxEntryUUID even for duplicate entries. See chapter 2.6.2 in the History Database Workflows User Guide.

New Installation Preparation Checklist document available to support DirX Audit deployment procedure.

Reduced time to show event detail in DirX Audit Manager.

Some data multiplied in History tab of DirX Audit Manager.

Privilege assignments not visible in DirX Audit Manager.

Incorrect timeline view in the history tab.

Result table in history view contains duplicate entries when searched by attribute name and value parameter.

Exception is thrown occasionally when report 'Changes on User to Privilege Assignments' is performed.

Running configuration leads to java.lang.NoClassDefFoundError: net/yetamine/osgi/jdbc/thunk/DriverSupportThunk.

No major bug fix in this version.

Missing database indexes for context records.

New options for the dxthistdbtool: Purge function was improved and extended. Export function (into zipped JSON files) was added. User Interface Guide was updated.

The new tool removeDuplicates finishes History Entries with duplicate dirxEntryUUID values.

No major bug fix in this version.

No major bug fix in this version.

Error in Workflow Ident_HistDB_Fill_EntryUUID: The result set is closed.

Warning about RoleParams in User HistoryWorkflow.

HistDB Workflow returns "Sizelimit exceeded" with subsequent NullPointerException and increased memory usage of DirX Identity Java Servers.

FillEntryUuidController now resets counters of processed entries on each start.

HistDB Sync workflows - some attributes were flagged as read-only; should only hold for HST_ENTRIES_ID.

FillEntryUuidController generates a lot more logs.

FillEntryUuidController considers also entries with empty dirxEntryUUID (='').

Multiple match when creating history entry for an attributed assignment.

Reduced time between user login and the first interactive screen.

The default tab which is displayed in DirX Audit Manager after user login is configurable.
For more information, see “Manager Application” in “Using the Configuration Wizard for the Core Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

The Event Details summary is extended to show changes on objects.
For more information, see “Viewing Audit Event Details” in “Using the Events view” in DirX Audit User Interface Guide.

In the Reports view when defining a report, Record limit field restricts the amount of results displayed in the Preview report.
For more information, see “Creating a Report File” in “Creating a Report Set” in “Using the Reports View” in DirX Audit User Interface Guide.

New style for all report templates.

Several new or improved report templates.

Improved performance of the History view.

Timeline shows cumulative information about history entry data changes.
For more information, see “Showing a History Entry’s Details” in “Using the History View” in DirX Audit User Interface Guide.

Filtering for presented data in the History view for Role, Permission, Group and User entry types.
For more information, see “Showing a History Entry’s Details” in “Using the History View” in DirX Audit User Interface Guide.

Improved presentation of high number of values for multiple valued attributes.
For more information, see “Showing a History Entry’s Details” in “Using the History View” in DirX Audit User Interface Guide.

Support for Apache Tomcat 9.0.

Improved error handling.
For more information, see “DirX Audit Server Error Handling” in DirX Audit Administration Guide.

Support for monitoring with JMX.
For more information, see “Server Container” in “Using the Configuration Wizard for the Core Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide and “Monitoring DirX Audit with JMX” in DirX Audit Administration Guide.

Context records calculation scheduled job considers DirX Identity certification campaign events. It considers all events from the campaign start to its end to be part of the same context. The events from the campaign creation until the start exclusive build another context.

The performance of context records calculation scheduled job has improved by a factor around 10.

Extended digest generator for DirX Identity, especially for audit messages on account password changes and manual provisioning.

Improved LDAP collector for DirX Identity.

Improved performance of the History database update scheduled job.

Reduced number of warnings in log files, especially about memberships calculations.

Message repository can be located on a network drive.
For more information, see “Message Broker Connectivity” in “Using the Configuration Wizard for the Core Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

Different accounts can be used for different message queues.
For more information, see “Using the Configuration Wizard for the Tenant Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

Support for monitoring with JMX.
For more information, see “Message Broker System Service” in “Using the Configuration Wizard for the Core Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide and “Monitoring DirX Audit with JMX” in DirX Audit Administration Guide.

Upgraded DirX Audit Message Broker (Apache ActiveMQ 5.15.3).

SQL Server connectivity authentication method has been extended with Kerberos Authentication with username and password and Windows Authentication.
For more information, see “Using the Configuration Wizard for the Tenant Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

The original message is stored in compressed form.
For compressing existing original message in DirX Audit Database, see “Compress Original Messages” in “Using the DirX Audit Tools” in DirX Audit User Interface Guide.

Database connectivity with encryption has been documented.
For more information, see “Using the Configuration Wizard for the Tenant Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

Support for SQL Server 2019.

Support for Oracle Database 18c.

Support for Oracle Database 19c.

Support for Microsoft JDBC Driver for SQL Server 8.2.2.

DB maintenance tool can purge audit messages according to a user-defined filter.
For more information, see “Purge Audit Messages Data” in “Using the DirX Audit Tools” in DirX Audit User Interface Guide.

DB maintenance tool can purge audit message data in stages: first only the original messages if stored, then the additional part, and finally the core audit message data.
For more information, see “Purge Audit Messages Data” in “Using the DirX Audit Tools” in DirX Audit User Interface Guide.

DB maintenance tool can purge history entry data older than a defined time point.
For more information, see “Purge History Entries Data” in “Using the DirX Audit Tools” in DirX Audit User Interface Guide.

Full support for Java 11.

An administrator can optionally see passwords which are normally obscured. In this case, the administrator clicks the button at the end of the password field to view it.
For more information, see related sections in “Configuring DirX Audit” in DirX Audit Installation Guide.

Configuration Wizard in the silent mode re-encrypts passwords even if there is no other change. An administrator can then change the passwords, for example for keystores and truststores, manually in clear text and after it just start the Configuration Wizard.

Save original message is disabled by default to reduce the total database size. An administrator must enable this feature when it is required.
For more information, see “Data DB Configuration” in “Using the Configuration Wizard for the Tenant Configuration” in “Configuring DirX Audit” in DirX Audit Installation Guide.

History synchronization workflows and History Connector uses the always existing dirxEntryUUID rather than dxrUid for sorting and joining LDAP to History DB entries. Now even entries without a dxrUid can be imported to the History DB and finding the appropriate one is not compromised by DN changes. History Database Workflows.pdf guide provides details on the migration.
For more information, see “Preparing the DirX Identity Domain” in “Preparing DirX Identity for History DB” in DirX Audit History Database Workflows User Guide.

Attribute values that are too long for the table HST_SMALL_ATTRS_IN_TIME are now store truncated and do not prevent the import of the other attributes. The connector logs a warning to inform that the attribute might be moved to the channel with large attributes.

The History DB connector now inserts an entry and its attributes even when it has been deleted in LDAP before and restored from a backup file with the same values, especially the same creation timestamp. When it detects that case, the connector uses the time of the synchronization as the new start date for the entry and its attributes.

DirX Audit Best Practices introduced as a new part of the documentation set.

A procedure on updating PKI certificates has been added to the product documentation.
For more information, see “Updating Cryptographic Material” in “Managing Cryptographic Material” in DirX Audit Administration Guide.

Multiple issues related to the reporting.

-

-

-

dxtPopulateFacts processing ends with an error.

dxtdbtool processing ends with out of memory error.

-

-

Duplicated records on history entries.

Show optionally passwords in the configuration process.

Storing of an original message is off by default.

Configuration Wizard in the silent mode re-encrypts passwords even if there is no other change. Customer can then change the passwords (e.g. for key- and truststore) manually in clear text and after it just start the Configuration Wizard.

Event context is now calculated also for certification campaign events. In the Show Related Events view they now show the events of the same campaign. There are 2 contexts: the preparation phase before the campaign is started and the approval phase after campaign start.

Low performance of the DirX Audit Manager Events / Show Details dialog. (DXT-289)

Misleading ERROR log records when History DB license is disabled. (DXT-313)

User Search in History view is hanging. (DXT-316)

Context calculation is slow. (DXT-289, DXT-305)

Error in context calculation if there are more than 2,000 records in same context. (DXT-299)

Database deadlocks in context calculation and audit message persistence. (DXT-305)

Misleading ERROR log records when History Database license is disabled (DXT-313, DXT-331).

References not calculated when there are duplicated DNs. (DXT-315)

Some DN values not resolved to foreign keys. (DXT-328)

Error parsing version for deployed routes. (DXT-334)

Calculation of references in link attributes is not well performable.

SMTP port number not applied. (DXT-289)

Several RSK_ tables not created with the Configurator – Tenant. (DXT-296)

History DB synchronization workflow cannot store role parameter values longer than 314 characters. (DXT-301)

Cannot insert duplicate key in object HST_ENTRIES_IN_TIME. (DXT-321)

DirX Audit HistoryDB Job blocks History Sync workflow running in IdS-J server of DirX Identity (just History Connector). (DXT-327)

NullpointerException in History Connector when unmarshalling role parameter values without key. (DXT-337)

Migration from DirX Audit 5.0 to 7.0 fails on SQL Server (DXT-318).

-

Extensive support for multi-tenancy in Configuration Wizard, Manager, Server, Message Broker and command line tools.

Extensive support for DirX Identity certification campaigns in Dashboard, Events Monitor, Reports and History View.

New application role Restricted Auditor that can only execute a subset of existing reports. All other DirX Audit Manager features are restricted. Along with report parametrization, the reports can be defined so that for example the Restricted Auditors can see only audit events related to their organizational unit.

Support for CSV reports – Several reports have also a template for the CSV format. A process of converting existing report templates to support CSV format is documented in the Customization Guide.

New authentication methods introduced: Windows username and password authentication and Integrated Windows Authentication (SSO using SPNEGO / Kerberos)

History Connector updated for DirX Identity 8.7.

Audit plug-in updated for DirX Access 8.7.

Support for Apache Tomcat 8.5.

Upgraded DirX Audit Server container (Apache ServiceMix 7.0.1) and DirX Audit Message Broker (Apache ActiveMQ 5.15.3)

Support for SQL Server 2016 and SQL Server 2017.

Support for Microsoft JDBC Driver 6.0 for SQL Server.

Accounts with binary attributes cannot log in to the Manager. (RVFIJS)

A user is redirected to the login page when SSO is enabled. (RWQO76)

Search for names containing special characters is not possible. (RQ0KR3)

DirX Identity view type - date is not formatted correctly in DE locales. (NYXI65)

DirX Audit Server stores original messages when it is disabled. (RTSN64)

Entries missing in History Database - Oracle Database. (R7YOST)

DirX Audit Server is unable to store context data. (SAFLM3)

A statement executes slowly on the database. (SNPJFB)

Signature field is not supported. (O5GMGJ)

The Configuraiton Wizard checks uniqueness of DirX Audit Message Broker queue names for each JMS collector. (Q03K8Q)

DirX Audit / db_maintenance tool: ‘-recsperfile’ parameter of ‘dxtdbtool’ is not working as expected. (QE5IIB)

Command line tools request a confirmation of database connection settings before execution. (OJGKE2)

Extended reporting consisting of additional templates and a quick tooltip overview of saved report parameters.

Extended and pre-calculated context records referencing the root cause for most DirX Identity audit events and the approvals.

Extended dashboard components with a threshold indication and time zooming.

Support for the ‘Why has user this privilege?’ analysis in the History view.

Risk analysis consisting of: configurable set of simple risk factors and compound risk factors, user’s risk scores presented in the History view, risk based dashboard components and report templates both on simple and compound risk factors.

Purge tool supporting relative dates. This makes possible to configure automated operating system jobs that regularly export audit events older than a given time period, for example a year.

Updated DirX Audit Tutorial and a comprehensive report overview provided as a set of all available reports PDF sample files.

Audit plug-in updated for DirX Access 8.5.

Upgraded DirX Audit Server container (Apache ServiceMix) and DirX Audit Message Broker (Apache ActiveMQ).

Events tab - using Advanced Search parameters with a saved Events filter without Advanced Search is not functional (TB PXEJWO-33532).

History view - timeline event markers for linked entries are displayed for the master entry creation date and not the respective linked entry modification date (#1885)

Dashboard - Auditors can also manage public components (#1886)

Updating link attributes in history DB fails (TB PHMPYH).

Extended reporting consisting of: additional templates, report scope configuration in user interface, more reports contained in one PDF document, report previews executed from DirX Audit Manager.

Reports can be designed also on OLAP tables representing data for dashboard components.

Report jobs can be executed as soon as possible by DirX Audit Server.

Charts and reports on imported and orphaned accounts per target system.

Charts and reports on request workflow (approvals and certifications) audit events and history entries.

Audit events of DirX Identity for a selected history entry are shown in the History view.

Digest and dimension generators extended for DirX Identity login and logout audit messages.

Audit plug-in updated for DirX Access 8.4.

A mandatory value of audit message unique identification (Identification – UID) is automatically created when the audit message is to be persisted and the UID is not provided by the audit source.

Who – DN and What – DN fields of the audit message are optional, not required as in previous versions.

DN fields of audit events and history entries extended to 314 characters.

A new Original Message – Signature field is introduced to store signatures proving integrity of original messages.

HST_SMALL_ATTRS_IN_TIME.ATTRIBUTE_VALUE and HST_LINK_ATTRS_IN_TIME.ATTRIBUTE_VALUE columns are indexed by default. Queries using them for searching and ordering execute more performable.

Database connectivity is shown and confirmation requested when running maintenance and fact population DB tools. This is to prevent an accidental execution over a different database.

It is possible to install and configure DirX Audit in the silent mode.

Internet Explorer 10 and 11 supported.

Google Chrome supported.

Java 8 supported.

Windows Server 2012 R2 supported.

DirX Audit Manager runs on Apache Tomcat. DirX Audit Manager service start-up is much faster comparing to DirX Audit 4.0.

Authentication over LDAP SSL (TLS 1.1 and TLS 1.2) fails (TB O6KMR6).

Fine-grained access control does not replace user ldap attribute values in queries.

Incorrect or inconsistent German localization.

What - UID does not contain the request workflow’s UID for audit messages referencing request workflows.

Authentication over LDAP SSL (TLS 1.1 and TLS 1.2) fails (TB O6KMR6).

Fine-grained access control does not replace user ldap attribute values in queries.

It is possible to search for history entries without specifying a time or time range.

The graphical timeline component allows navigating over the history of a selected entry.

The value of the dxrUid attribute is shown in the header of the History view.

In the History view, the changes between selected points in time are highlighted. A filter is implemented to show changes only.

In the History view, if the large attribute value is of type string, leading characters are shown.

In the History view, a new tab Users is implemented to show users assigned to privileges (roles, permissions and groups).

In the History view, it is possible to navigate to referenced entries not only from the Attributes tab, but also from others.

In the History view, it is possible to view time validity range of Privileges.

A new delta history synchronization workflow is implemented for DirX Identity 8.3 and higher.

There are new options for setting the time range of a dashboard component: week to date, month to date, year to date.

Configuration of dashboard components having two facts or two dimensions is supported.

Dashboard components based on history entries can be configured. It is especially possible to see the number of users, accounts, groups, roles and permission per month (covers TB KGQJVS).

It is possible to filter the data in dashboard component according to a Dimension value.

It is possible to navigate from a history entry to the History view when drilling down in the history dashboard component.

The set of dashboard components delivered with DirX Audit was redefined.

Users can navigate from the detail view of an audit event to the history entry representing the active participant (who) and a participant object (what) at that time.

Fulltext indexing is implemented for the What Detail field in the Events (Monitor) view (DAT_AUDITEVENTS.DETAIL). This improves the performance of searches on a substring of this field.

A new version of JMS-Audit Handler Plug-in is delivered to support DirX Access 8.3.

There is an additional option regarding Java Runtime Environment (JRE) to install DirX Audit so that it uses a customer-supplied JRE, instead of using the embedded JRE.

Support for Solaris 11 (Sparc) platform.

Events view slow on first visit (TT N7RMUY).

Context event report - Date and time filter does not affect the records selection. This applies also for Server.

Importing dashboard component does not end when wrong format.

Event view reports are sent with the incorrect suffix via email.

Save As button does not work correctly in the Edit component dialog.

Audit messages with an empty field What - Details - Type are not stored, but routed to the error handling when Oracle Database is used (TB NDPMMH).

Updating link attributes in history DB fails (TB OAWO0M).

dxtdbtool ends up with an error (TB NW2MTT).

History view for searching and viewing the state of DirX Identity entries in the past, comparing their state between different points in time and checking the state of related entries. The DirX Identity domain data is synchronized with the DirX Audit Database according to the configuration of the history workflows and on a defined schedule.

Users can navigate from the detail view of an audit event to the history entry representing the active participant (who) and a participant object (what) at that time.

Users can define reporting service jobs to regularly and automatically generate and email user defined reports according to a schedule plan. It is possible to send via the jobs reports of different sources: dashboard components, events filters, expert queries and additional sources like context events and history data. The reporting service job can be scheduled on a single date and time point or recurring.

Extended integration of DirX Access and DirX Audit. DirX Access audit event objects are transformed to DirX Audit events to provide full context of the original audit message. Also the audit message is extended with naming attributes for better identification of the audit message’s subject (who, active participant) and object (what, passive participant).

DirX Access audit handler plug-in can deliver audit messages via a message broker queue.

The complete DirX Access user session can be presented in the Events (Monitor) view with the Show Related Events functionality.

It is possible to configure the database connectivity in the expert mode.

Support for Red Hat Enterprise Linux 6 AP (x86-64) platform.

Support for Java Platform, Standard Edition 7.

DirX Audit runs natively as a 64-bit application.

DirX Identity view type - date is not formatted correctly in DE locales (TB NYXI65).

The DNs for specifying list of auditors and audit administrators groups are during the authentication procedure evaluated as case sensitive, but case insensitive is sufficient and prevents mistyping in configuration (TB MUNQWH).

Internationalization not realized for fact tables, facts and dimensions in the Dashboard component configuration.

It is not possible to define connectivity for Oracle Database based on a service name and list of IP addresses (TB MKFKRL).

DirX Access file collector stops processing input files creating dxt_collector_stopped.txt in the input folder (TB MNCKU0). The error description in that file contains: "Can’t copy file '…​' to processing folder. Error was: …​ (The process cannot access the file because it is being used by another process)" or a similar non-critical error.

Valid messages can be stored as invalid when sent together with invalid ones.
The server separates the set of audit messages into single records and tries to store them individually. Only the invalid audit messages are stored into the error handling.

Dashboard - The Dashboard view of DirX Audit Manager presents identity audit data that the DirX Audit Server has aggregated according to the various identity audit KPIs in graphical charts. DirX Audit provides a standard set of KPIs modelled as OLAP tables to allow for fast display of important aggregated data. Using the Dashboard, auditors can perform analysis, especially time-based trend analysis of selected KPI data - for example, the total number of users created from day to day over a given period of time - and then drill down to details about audit events as necessary.

Event Monitor - The Event Monitor view of DirX Audit Manager allows searching and retrieving audit events from the central database according to a given search filter. DirX Audit generates a summary for each audit event. It helps auditors to easily understand even complex operations. For example: the approval of a user-role assignment with the modification of the end date and a new role parameter. For each audit event summary, DirX Audit provides detailed information on the event on request of the auditor.

Overall user interface of DirX Audit Manager was significantly improved.

Refactored logical audit message schema and database schema to increase performance.

Multiple causes supported for DirX Identity audit messages.

After installing and configuring DirX Audit all DirX Audit services are up, but trying to work with DirX Audit Manager fails, because of conflicts on the 1089 and / or 8009 ports (TB K9IL1Q).
The JBAS default port numbers are now automatically reconfigured with the Configuration Wizard.

Queries with empty groups fail: If you define an empty group (AND or OR group) within a query definition, that means the group does not contain any rows, the query execution will fail with the error message "Can’t perform query due to database error."
The empty groups are now ignored.

In some cases duplicated records can exist in the database.
A new constraint is defined that the Identification – UID value must exist and must be unique.

DirX Access file collector stops processing input files creating dxt_collector_stopped.txt in the input folder (TB MNCKU0). The error description in that file contains: "Can’t copy file '…​' to processing folder. Error was: …​ (The process cannot access the file because it is being used by another process)" or a similar non-critical error.

Valid messages can be stored as invalid when sent together with invalid ones.
The server separates the set of audit messages into single records and tries to store them individually. Only the invalid audit messages are stored into the error handling.

Rebranded from Siemens to Atos.

DirX Identity API - user information is not always presented in the 'What' group and the privilege information in the 'Info 1' group (TB KXBP3O).

Role parameter value not shown when it contains squared brackets (TB KXWKAH).

A user cannot log in if his / her common name contains umlaut (TB LOLKI5).

Updated File-Audit Handler Plug-in for DirX Access V8.1C. The File-Audit Handler Plug-in for DirX Access V8.1A and V8.1B cannot be used with V8.1C.

Fine-grained access control for retrieving audit records from DirX Audit Database via DirX Audit Manager. (Ticket KAMPQF)

Ability to define queries with multiple conditions on multi value fields in DirX Audit Manager.

Reports can be created in an off-line mode when the user does not need to be logged in to the Manager for the whole processing time.

Original message can be stored with the audit record data optionally. (Ticket KGMPWV)

Revised installation and configuration sections.

New configuration sections according to the new configurator functionality (Fine-grained access control, DirX Audit Message Broker configuration).

Revised for upgrade from version 2.0B.

All chapters revised and adapted to the changed and enhanced user interface.

All chapters revised and adapted to the changed and enhanced user interface.

New chapter about remove duplicated records functionality.

All chapters revised and adapted to the changed and enhanced functionality (Fine-grained access control and others).

All chapters revised and adapted to the changed and enhanced functionality.

New configurator for initial and incremental configuration.

Extended schema for the audit records database with a new sensitivity field Event (R) – Sensitivity. (Ticket KAMPQF)

Modified data type for the What (R) – Detail – Value field from character large object to variable-length character. You can make query criteria over the field.

Extended schema for the configuration database to comply with the query parameters.

A new command line utility can be used to remove accidentally loaded duplicated records. (Ticket K3SQ4Q)

Access control options can be configured from the Configuration Wizard (Ticket KGMOY6).

Original message can be stored with the audit record data optionally. (Ticket KGMPWV)

Fine-grained access control for retrieving audit records from DirX Audit Database via DirX Audit Manager. Access policies can be administrated either in DirX Access or in local XACML files.

Queries with function calls (now, before, after, concat).

Ability to define queries with multiple conditions on multi value fields in DirX Audit Manager. For example, you can now search for user-role assignments with given user and role.

Reports can be created in an off-line mode when the user does not need to be logged in to the Manager for the whole processing time.

Deployment installation did not run. (Ticket KRVLTC)

Help document is not open in DirX Audit Manager. (Ticket K41JTY)

The language cannot be set from German to English in some Windows environment. (Ticket K4UJKH)

Revised installation section.

Completely new configuration section according to the new configurator functionality.

New guide for upgrade from version 2.0A.

All chapters revised and adapted to the changed and enhanced functionality.

All chapters revised and adapted to the changed and enhanced functionality.

New chapter about purge functionality.

All chapters revised and adapted to the changed and enhanced functionality (Tickets J3WMJQ, K2FN3P).

All chapters revised and adapted to the changed and enhanced functionality.

Support for Windows Server 2008 R2 (x86-64 Intel architecture).

Support for SQL Server 2008 (Ticket KMPMML).

Extended schema for the configuration database to comply with the extended query mechanisms.

Collectors can store administrative passwords in an encrypted form.

Every collector can be disabled separately.

A new purge / restore utility can be used for backup and purge functionality. The tool can export audit records based on a time constraint and optionally delete the exported records from the database. The tool can also import or restore previously exported or purged audit records. The records are stored in proprietary XML format.

SSL connection can be configured.

Files that are preserved during the error handling procedure are now stored in compressed format to save space.

Administrative password for LDAP authentication is stored in an encrypted form.

Queries can be restricted by date and time, not only date.

Common layout and DirX Identity view types. They can be used in the Table view and the report template definitions.

Optimization and better integration with database layer for higher performance.

Separation of search and design mode for queries.

Via design mode, an administrator can set up queries with parameters. In search mode the user sees only the parameter fields. The rest of a complex query definition is not visible to him.

More complex queries supported (brackets, combination of and / or, more comparison operators including the like operator). See remarks in the Known Issues section.

Wildcard mechanisms according to SQL / HQL syntax for like operator. Any string is represented by '%', a single character by '_'.

Proposal lists for the parameter value fields in search mode. Number of proposed values is configurable. See DirX Audit Customization Guide for more information.

History functionality for queries. Users can select from a list or use forward and backward buttons. Parameter values for a specific query are preserved.

Query items in the tree display a tool tip that comes from the description field of a query. This allows defining short query names and a longer description as tool tip.

You can copy and move queries within the tree. Use the Cut, Copy and Paste commands on query items or query folders.

File names during query export contain the exported object name, date and time. This allows distinguishing multiple exports of the same object.

Queries can be built on the Raw Data API or on specific ones (Common, DirX Identity). You can use Raw Data API fields in specific APIs for searching and display, that means you can mix these attributes.

Tree import can process also queries created in the previous product version.

Column groups can be reordered without restriction.

Reordering columns within a column group is possible.

Consecutive table rows can be easily distinguished with two colors (white and light blue). This is especially helpful when viewing expanded rows.

Expand / Collaps buttons work on single rows and - if used from headers - for all rows.

The context menu on result rows reflects the structure of the corresponding Context part in the query tree.

Use of the Common and DirX Identity view types allow displaying beautified information that is better suited for end users and auditors.

Report template samples for Common view type and DirX Identity view type.

More report formats supported, for example CSV, ODF, XML.

Encryption and compression of PDF reports supported.

Users see a personal list of all created reports.

Users can download or delete one of these reports.

Dynamic selection field allows filtering the rows in the statistics table.

You can now create (optionally combined) statistics and chart reports on the statistics result. Defining your own report templates is possible.

The charts for reports and the charts view are based on the same basic technology (JFreeChart).

Chart technology unified with the one used in reports (JFreeChart is used as base technology).

More chart types available (Area, Bar, Bar 3D, Line, Line 3D, Pie, Pie 3D, Ring, Waterfall).

Charts can be resized.

Completely revised set of sample queries.

Sample queries use as far as possible the Common and DirX Identity APIs (view types) to provide nicer table display.

An updated set of DirX Identity sample data to run the tutorial or to use the sample queries.

An updated set of DirX Access sample data to run the tutorial or to use the sample queries.

Revised API functionality.

The new Common API provides beautified display fields that can be used for any application.

The new DirX Identity API provides beautified display fields that allow better understandable table result.

The HTTP header variable for user authentication is now customizable.

Low performance of the DirX Audit Manager and connection lost (Tickets KZIII7, KBQPYV, KCELEA).

The report templates did not display certain fields under special conditions. This is corrected.

Problems with too large text values in audit record (Tickets JIJIGT, J6PMMY).

Problem with null pointer exception in the persistence unit (J9JJD2).

DirX Audit Installation Guide: is completely revised and adapted to graphical installer. Describes also the configuration procedure.

DirX Audit Introduction: explains motivation, benefits, concepts and architecture.

DirX Audit Tutorial: use this guide to learn how work with DirX Audit with the provided sample data.

DirX Audit Administration Guide: provides information about DirX Audit’s server components and the supported normalized data schema.

DirX Audit Customization Guide: explains how to modify the DirX Audit Manager, to manage reports and to build custom pages.

DirX Audit User Interface Guide: describes all features of the DirX Audit Manager.

Graphical installation tool based on InstallAnyWhere available for both Windows and Linux platforms.

Support for Suse Linux Enterprise 10 platforms.

Support for Oracle 10g.

The column WhereFrom-Identifiers stores now suite information. Records are easily distinguishable, for example suite=DirX Access or suite=DirX Identity. Other systems can fill suite information here, too.

DirX Access collector that delivers standard files in generic DirX Audit format.

All pull collectors stop working if the database is currently not available. Start automatically if database is available again.

All push collectors store their data in intermediate files if the system is not available. Processing of intermediate stored records is resumed after the system is available again.

No records are lost. If any error occurs, all incoming audit messages are stored in the error folder and can be later examinated to find out, what caused their rejection. If they were rejected because of the database connection lost, they will be processed automatically, when the connection is restored.

When the database connectivity state is changed (connected/disconnected), system administrator is informed via email.

Error and info messages from DirX Identity audit records are stored in the separate field Event – Information.

Fully configurable LDAP authentication.

New layout requiring minimum scrollbars on the page.

‘Save As’ button evokes new popup window to collect information about the data storing for the better usability.

‘Reload’ button appears when the configuration item is modified but not saved. Clicking this button discards all changes and reloads the original configuration item from the tree menu.

Export and Import of query folders and items to exchange queries between DirX Audit users.

The 'number of record' information is shown also above the table.

Two report templates are available:

Maximal limit of audit records displayed in the report is configurable via property “Report.maxRecords” in the configuration.properties file.

Stable API for Jasper reports.

Stable API for development of custom pages.

Query folder structure is shown in collapsed form after login.

Doubled scrollbars are removed in table view (only the browser scrollbars are used now).

Row height in table view is minimized.

Instead of creating a default item (for example "New folder") that must be renamed subsequently, the name is requested when creating the item.

Correct format of date field content according to the used locale.

Entry of same day for "Date from" and "Date to" did not deliver a result.

Page size box within queries did not work correctly.

It was not possible to change to the configuration view from the default query that was displayed directly after login. The “Configuration” link is displayed immidiatelly after the login now.

Identifier fields contained values like "com.siemens.dxt.persistence.TVPTParticipantObject …​". These values are no longer shown.

All possible aggregation functions available on the statistics and chart tab.

The button Save As can be used when number of query rows changed (using Add line and Delete line buttons).

When using parts of DirX Audit in the custom pages, it is possible change queries with different number of query rows.

The lengths of all String values of the incoming audit record are checked and if too long shorten with the end mark “…”.

The issue with the long install path on Windows solved.

HistoryOfChanges.

The database schema for audit data was redesigned to support creation of large reports.

The database schema for configuration data was redesigned to support more complex structure of predefined queries or more precisely configuration items.

Audit data table and configuration table indexes were preconfigured to support queries over larger amount of data.

New JMS binding component for audit records in the DirX Audit format.

New File binding component for audit records in the DirX Audit format.

LDAP binding component: supports now the search base LDAP parameter. The value can be set in the configuration file.

New error handling functionality. All incorrect audit records are stored into the file system.

New simple email notification functionality. An email message is sent containing results of error handling.

Connection between the Apache ActiveMQ on one side and JMS binding component and DirX Identity on the other side can be configured to require simple authentication (username and password).

Three more columns (Event – UID, Event – Cause and Event – Operation) allow sorting of the result set according to their content by clicking on their header in the result table.

Searching according to columns which contain int or boolean values (Event – OK, What – Lifecycle, What – Type – Code, What – Type – Role, Who – Requestor)) was implemented.

The paginator was advanced to support jump to a specified page.

The table sorting is stored with the table definition.

The tree structure for stored queries supports folder hierarchy. Operations create (New Folder, New Item), rename and delete can be performed over the folders and configuration items representing queries and their layout definitions.

More default queries delivered.

Simple context queries can be defined. Context queries contain parameters which are automatically filled by values of the selected audit record.

An example of custom pages is delivered. The custom pages feature introduces a way how to integrate DirX Audit Manager functionality with an existing web application.

A chart did not render when accessed for the first time after running a query.

Report table showed only data from the first page of the result table on the Query tab.

When user who was member neither Auditor nor AuditAdmin group authenticated the Manager threw an error.

Standard readme file

DirX Audit V1.0B Installation Guide

Configuration of all relevant parameters for all services is possible via INI files.

Support of Microsoft SQL Server 2000.

Optionally support of one single database for audit data and configuration data.

File collector allows retrieval of files in the new DirX Identity format (8.0C SP0 or higher).

Windows services for all audit server components.

The resizable layout of the web application allows users to fully use the whole screen (independent on the screen resolution).

Web SSO via header information allows integration into third party web interfaces.

All possible columns in the result table are visible and configurable via the Configuration menu.

Searching and new statistic variants added according to columns with string values.

It is possible to use both DN and cn for login.

Some columns allow sorting of the result set according to their content by clicking on their header in the result table.

Report’s template is bound to the predefined query in the tree menu, i.e. reports are query specific.

Selecting specific queries resulted in the error message "We are sorry but you requested a page that does not exist".

Expansion of an expandable audit entry that was displayed in the last row was not possible.

Several minor issues fixed.

New JMS binding component instead of original one from ServiceMix to allow better integration with other Audit components.

Readme.

Installation Guide.

The database schema is an extension of the RFC3881 (ATNA) standard.

The extended format of DirX Identity V8.0C SP0 or higher can be stored in the database, i.e.

LDAP binding component: retrieves DirX Identity history records.

JMS binding component: retrieves DirX Identity real-time and request workflow audit records.

File binding component: retrieves DirX Identity history records from files in old format (8.0C or earlier).

The server is built on JBoss technology.

It uses ActiveMQ as built-in JMS-compatible message server.

ServiceMix technology is used for data flow management.

Persistence component to write the received audit records to the relational database.

The Manager is built with JBoss Seam technology.

Authentication against DirX Identity is enforced.

Authorization is based on the AuditAdmins and Auditors groups of the DirXmetaRole target system in DirX Identity.

The application comes with an initial set of default queries.

Administrators can set up and maintain public queries.

Users can set up and maintain private queries.

Queries comprise setting a time range, a filter definition with multiple search criteria based on a set of predefined attributes and a configurable size limit for the displayed page.

The result table column design is currently fixed and not customizable. The number of displayed rows if configurable. Sorting of columns is not supported.

Audit records with multiple passive participants (for example a role assignment with a user, the role and the assignment itself) can be expanded or reduced to display the detail information.

Reports are based on the query result.

Report technology is Jasper reports.

The system comes with two default reports.

Supported report formats are HTML and PDF.

Administrators can setup additional report templates with any Jasper-compatible tool like Jasper iReport. Mapping to DirX Audit’s entity beans is described on DirX Audit V1.0 Jasper Reports.jpg in the Documentation folder.

Statistics are based on the query result.

Statistic reports allow data aggregation in the form of a table. The aggregation parameter is selectable.

Charts are based on the query result and display the statistics information graphically.

The aggregation parameter and the chart type are selectable.

Several parameters allow for modification of the displayed chart dependent on the selected chart type.