Release Notes

DirX Audit provides a platform for the central compilation and analysis of identity-based audit logs and snapshots of history entries. It includes collectors to retrieve or receive audit information from external source applications, workflows and connectors to import history entries, a database to store this information securely and the DirX Audit Manager to evaluate the stored audit messages and history entries.

DirX Audit comprises these main features:

This section lists important new features of DirX Audit 7.2 compared to DirX Audit 7.1 SP2.

See the HistoryOfChanges.doc file for a history of changes of previous DirX Audit releases.

Main features of this version are:

Manager

Server

Message Broker

Database

Command Line Tools

Installation

Configuration Wizard

History Database Workflows

Documentation

DirX Audit 7.2 does no longer support these features:

DirX Audit 7.2 is the last version that supports the following features:

Previous DirX Audit releases:

DirX Audit 7.1 SP2 05/20/22 *)
DirX Audit 7.1 SP1 08/03/21 *)
DirX Audit 7.1 07/31/20 *)
DirX Audit 7.0 SP1 10/18/19 *)
DirX Audit 7.0 06/29/18 *)
DirX Audit 6.0 04/15/16 *)
DirX Audit 5.0 06/19/15 *)
DirX Audit 4.0 04/11/14 *)
DirX Audit V3.0B 05/17/13 *)
DirX Audit V3.0A 03/30/12 *)
DirX Audit V2.0D 12/13/11 *)
DirX Audit V2.0C 10/20/10 *)
DirX Audit V2.0B 04/30/10 *)
DirX Audit V2.0A 05/31/09 *)
DirX Audit V1.0C 01/23/09 *)
DirX Audit V1.0B 11/10/08 *)
DirX Audit V1.0A 09/12/08 *)

*) See the HistoryOfChanges.pdf file for a history of changes of previous DirX Audit releases.

Software packages for all platforms are usually distributed on DVDs. All platforms are delivered together on one DVD.

In addition to the distribution medium, you must purchase separate product licenses in order to use the software packages.

Please contact your local sales representative for details on product licenses.

Each DVD ships with modified sources of the:

The following manuals are available in PDF format of Adobe:

DirX Audit Installation Guide (Installation Guide.pdf).

DirX Audit Migration Guide (Migration Guide.pdf).

DirX Audit Introduction (Introduction.pdf).

DirX Audit Tutorial (Tutorial.pdf).

DirX Audit Administration Guide (Administration Guide.pdf).

DirX Audit User Interface Guide (User Interface Guide.pdf).

DirX Audit Customization Guide (Customization Guide.pdf).

DirX Audit Best Practices (Best Practices.pdf)

DirX Audit History Synchronization Guide (History Synchronization Guide.pdf)

DirX Audit Installation Preparation Checklist (Installation Preparation Checklist.pdf).

You need Adobe Acrobat Reader (or a similar PDF viewer) to view PDF files. For a free copy of Adobe Acrobat Reader please refer to

http://www.adobe.com/prodindex/acrobat/readstep.html

or to

http://www.adobe.com

The documentation set also provides a full-text index. The subfolder with the suffix "_IDX" contains the full-text index data files for the manuals. The file with the suffix ".PDX" contains the index description.

If you open a manual, the associated index is attached automatically. All word options (Case sensitive, Sounds Like, and Word Stemming) were enabled when the index was built. There are no numbers or stop words excluded from the index.

Browsers may not provide Adobe Acrobat Search. To use this feature just open one of the manual files, for example Documentation\DirXAudit\Introduction.pdf with Adobe Acrobat Reader.

On Windows systems, files with the suffix ".txt" or ".pdf" can be opened by double-clicking them.

The setup also provides each document.

All manuals except the Installation Guide and Migration Guide and Best Practices and Installation Preparation Checklist are also available as Web Help projects. These projects are copied during the installation procedure to the folder

install_path\Documentation\DirXAudit\WebHelps

Open the relevant file in the corresponding subfolder:

Make sure that the browser is configured to allow ActiveX controls and plugins and considers ActiveX scripts as safe.

Third party software is delivered with its documentation.

At least 8 GB RAM is recommended for DirX Audit.

The installation requires temporarily 2.0 GB of disk space. The complete DirX Audit installation requires 1.5 GB of disk space.

For data and log files additional space is required.

At least 10 GB of free disk space is recommended for DirX Audit.

There is a limit on the maximal size of the input audit message that DirX Audit Server can handle. This limit cannot be explicitly calculated because it depends on the configured environment and form of the input. In general, the size of the incoming audit message should not exceed several megabytes in original form.

For example, adding a new group with 100 000 members in DirX Identity can produce such huge messages.

DirX Audit Server stores these messages into error storage.

If all available free memory is exhausted the DirX Audit Server can even crash. You can manually assign more memory to the DirX Audit Server container or process this input manually.

See also Known Issues section for detail on specific collectors.

In some cases, the data is not updated immediately. For example, DB maintenance tool purges history entry data, but it is still visible in DirX Audit Manager in the History view. The reason is that the purged data is removed from the primary table, but DirX Audit Manager presents data originated in database materialized views. These views must be refreshed to reflect the change in the primary table. It is usually done automatically on a daily basis.

Description: Services do not behave correctly, for example graphics are incomplete and DirX Audit Manager does not work correctly.

Solution: Check permissions on installed and created files and folders. Run all DirX Audit services on Linux platforms under root account if the problem still exists.

Description: There are two system services typically installed and automatically started in default installations: DirX Audit Message Broker and DirX Audit Server. The DirX Audit services on Linux might not start correctly after they have been stopped unexpectedly before, for example if process or system crashed or on power failure. The reason is that several files containing PIDs of the running processes are not deleted in such cases.

Solution: To fix the problem you must follow these steps.

Check if the related processes are not running, for example using ps command - check for java and wrapper binaries pointing to or referencing the DirX Audit installation path.

Remove the following PID files if existing for the selected service that doesn’t start:

DirX Audit Message Broker service:
install_path/message_broker/dxt_messagebroker_wrapper.pid
install_path/message_broker/dxt_messagebroker_java.pid

DirX Audit Server service:
install_path/server_container/tenants/tenant_id/dxt_server_container_wrapper.pid
install_path/server_container/tenants/tenant_id/dxt_server_container_java.pid

Start the relevant services.

Description: DirX Audit Message Broker does not start if SSL listener is enabled and the SSL broker was not configured correctly. SSL configuration must be prepared manually.

Solution: Do not enable SSL connector on DirX Audit Message Broker configuration page unless the SSL support is configured properly. See DirX Audit and Apache ActiveMQ documentation for the SSL configuration procedure.

Description: Update or upgrade installation on Linux under root doesn’t preserve the selected target user (that was selected to run the applications in previous installation). All installed files are owned by root and the target user and groups values are missing the configuration file.

Solution: Perform the update or upgrade installation on Linux as root in either console or GUI mode. You need to manually correct the installation if a silent update or upgrade installation has been already performed. Execute the following steps to fix the installation in that case:

Description: The installation and uninstallation are not started correctly on some newer Windows systems. After executing the installer an error window with title "Fatal Application Error" is displayed containing text "This Application has Unexpectedly Quit". If details are expanded the following text is displayed on top: "Flexeraaw2$aaa: Windows DLL failed to load".

Solution: This is a known issue in the software used for creating the installer. To fix it a new environment variable must be set to force the compatiblity with older Windows for Java applications:

JAVA_TOOL_OPTIONS="-Dos.name=Windows 7"

This variable can be set either globally for the user (via Control Panel) or only on a command-line before starting the installer
(SET JAVA_TOOL_OPTIONS="-Dos.name=Windows 7").

After this variable is set and applied the installer starts correctly.

Description: DirX Audit Server might stop processing audit messages if an already stored error message (due to a database disconnection) fails to persist again due to a different problem.

Solution: Stop the DirX Audit Server service, move the stored error messages to a different folder, clear the error storage folder (delete it) and start the DirX Audit Server service again. The moved error messages can then be processed later by the file collectors after investigating and resolving the reason leading to the persistence error.

Description: DirX Audit Server might stop sending generated reports due to a different problem.

Solution: Restart the DirX Audit Server service.

Description: Collectors and the scheduler for jobs and fact population run within the same server container (running under DirX Audit Server service). Under some rare conditions it can happen that either collectors or scheduler (for jobs and fact population) do not start correctly, while the other one is started and runs. Fact population is enabled only when Dashboard feature is licensed.

Solution: Stop DirX Audit Server service if started. Start DirX Audit Server service. Wait approximately two minutes and check if both collectors and the scheduler (including fact population when enabled) service components were initialized and started correctly.

If this procedure does not help, repeat it.

Description: DirX Audit Server doesn’t start correctly after it had been shut down or restarted forcefully or some manual modifications have been done on server deployment when it was stopped.

The result is an error and incorrect startup of the core server features. For example the following exception occurs in the dirxaudit-server.log: "java.lang.Exception: java.lang.NoClassDefFoundError: net/yetamine/osgi/jdbc/thunk/DriverSupportThunk"

Solution: Stop the DirX Audit Server service and re-start the service again.

Description: DirX Audit Server occasionally records an InputStreamZippedJarVisitor warning.

Solution: This record does not indicate any dysfunction. You can ignore its occurrence in the dirxaudit-server.log file.

Description: In certain cases, when DirX Audit Server service is running and a tenant’s DB configuration is modified with the Tenant Configuration Wizard, DirX Audit Server DB connectivity is not refreshed and uses the original DB connection settings.

Solution: When DB configuration is modified with the Tenant Configuration Wizard, include also the Collectors Configuration in the performed steps to force DirX Audit Server to refresh the DB connectivity.

Description: The dirxaudit-server.log file may contain several records on org.osgi.framework.BundleException.

Solution: No action is required. These exceptions do not influence normal behavior of DirX Audit Server.

Description: When DirX Audit Server executes a list of SQL scripts and any of them is terminated with an exception, the execution of the rest of scripts is not started.

Description: Sorting in the Audit analysis view for the What Details column is not implemented.

Description: To avoid poor performance during query execution in the Audit analysis view, do not use the 'contains' and ‘ends with’ operators with wildcards (%, _) in the Audit analysis view. Use other conditions as there are 'equals' or 'starts with' alternatives in the Audit analysis view (constant prefix).

In the Audit analysis view you can use the ‘contains’ operator in the query in case you prepare the database for it. It is necessary to create the full text catalogue and full text index over the data database. If you check the flag Use full-text search in the Tenant Configuration Wizard, the catalogue and index on the DETAIL column of the DAT_AUDITEVENTS table is created automatically.

Description: The user can set dashboard component title’s font, size, and style, but the settings are not reflected. The reason is that the component’s title is shown only in the component’s header and not in the chart area in the Dashboard view. The font, size and style settings are applied only when exporting the component into a document with the Export function.

Description: A report is not created and sent or is not correctly displayed. The problem might be caused by using a font that is not available on the system, for example Microsoft core true-type fonts.

Solution: Check used fonts in the report template and use either generic types like Serif or Sans-Serif or install the required font, for example Microsoft core true-type fonts.

Description: A dashboard component, an event report or a context event report can be attached to a scheduled report in a job definition. When you or some other user in a case of public dashboard components and Audit analysis view filters delete the object referenced in your job, you are not notified about the modification and the job is not running anymore.

Solution: Be careful what dashboard components you use in jobs. Prefer private dashboard components and Audit analysis view filters where you have full control. When your job is not run and reports delivered, check definition of the attached dashboard components.

Description: A dashboard component report or an event report is not generated when run directly from DirX Audit Manager and Oracle Database is used as a data store.

Solution: Run the requested report as a scheduled job in near future.

Description: Different total numbers of events could be displayed in the Audit analysis view and in the History view for the same time range and corresponding filters. This stems from the fact that History view search is based on the entry’s dxrUid matches while the Audit analysis view search is based on the entry’s name searching.

Description: When many groups are to be compared for a user’s membership, the authentication fails for exceeded limits.

Solution: Create LDAP groups used for DirX Audit application role mapping in a separate subfolder with a restricted search base.

Description: When DirX Audit Manager can access more domain controllers, the user identity could be authenticated with a different domain than the intended one. This could lead to a misuse of a user identity.

Solution: Restrict the list of key distribution centers in the Kerberos krb5.conf / krb5.ini file to intended domains only and disable the DNS lookup of key distribution centers (KDC).

Description: Audit events not having an available (N/A) dimension value are not considered in an aggregation by this dimension. A dashboard component chart does not contain data of such audit events.

Description: If the dashboard report is scheduled using the Schedule icon in the Dashboard component, the changed report settings for the scheduled report are not saved.

Solution: Create a report set from the Reports tab using the Add a new report set link and use the Generate dashboard chart component.

Description: When the dashboard is referencing one of the obsolete dashboard components (Risk users based on compound factor by month and risk level, Risk users based on simple factor by month and risk level, DirX Identity total history certification campaign entries by month and lifecycle state), it is not rendered.

Solution: Remove the components in the Manage Components list, disconnect and re-connect to the application and remove the component reference from the dashboard configuration.

Description: The dashboard indicates that the referenced dashboard component is not available.

Solution: Remove the dashboard component reference from the dashboard configuration in the Layout dialog.

Description: Huge reports configured for text format (TXT) and using plain template are not generated. An exception ArrayIndexOutOfBoundsException is logged into the log file.

Solution: Set a smaller number of rows or change the output format (use for example csv or rtf).

Description: The picklist in the report configuration dialog can contain also records that are not stored with a UID in the database. These records are not transferred to the Selected section.

Solution: Configure your Identity Store thoroughly to prevent operations on records without providing their UID.

Description: When an object is present in the database with more combinations of values of descriptive attribute, more records for the same object are shown in the picklist’s Found section of the report configuration dialog. Only one of them is transferred to the Selected section.

Description: There is an unlocalized selection of history entry type in the History Entries by Entry Type report scope configuration screen.

Description: Several reports contain an overview chart. But it is not included when the HTML format is used.

Solution: Use an alternative report format like PDF.

Description: Execution of report jobs referencing legacy report templates or dashboard components fails.

Solution: Reconfigure the legacy report in the report set. Remove the dashboard component reference from the report set.

Description: DirX Identity can produce huge audit messages. An example is the creation of a new target system group with 100,000 members. This results in one huge audit message. You should avoid producing this type of messages.

Solution: Define account-side memberships in all target systems that shall be audited on the DirX Identity side. If this is not possible remove temporarily the relevant member attributes from the audit policy.

Description: When several collected audit messages have invalid xml structure, for example for a missing element attribute, the whole set, by default 10 audit messages, is directed to the 250-nonrecoverable-xml subfolder. No audit message of the set is persisted.

Solution: You can prevent this behavior by specifying the send_count = 1 in the tenant’s configuration.cfg file in the specific LDAP or File collector section.

For example, navigate to the install_path\conf\tenants\tenantid\configuration.cfg file and extend the following section with the configuration parameter send_count value set to 1.

Description: The What – Lifecycle field is empty for most DirX Identity audit messages. It is not filled by intention as no corresponding data is provided by DirX Identity.

Description: The fact population on the History DB deployed at the Oracle Database has low performance.

Solution: Carefully schedule the fact population out of common business hours.

Description: The fact population SQL scripts for the history entries support only the VALIDFROM input parameter. There is no support for the VALIDTO input parameter.

Description: When a referenced entry is moved in the directory structure, this is not reflected as a modification of the referencing entry and the modifyTimestamp attribute value is not changed for the referencing entry by DirX Directory. If there is no other modification in the referencing entry, the change is not recognized with a modify job, as modifyTimestamp value is not updated, and the new distinguished name value is not synchronized.

Solution: Execute also delete jobs on a regular basis.