Managing DirX Audit Server Error Handling

A set of collector routes are created and run for every tenant. Also a separate instance of DirX Audit Server is used for every tenant starting with version 7.2. Each collector route has the following parts that are connected by the routing mechanisms:

An error can occur at any of these steps when processing an incoming record. DirX Audit Server makes sure that if such an error occurs, the relevant record is not lost but is either correctly processed or stored with additional information into error storage for later automatic or manual processing.

The incoming records can contain one or more target messages (for example, when using the file or the LDAP collector). If an error occurs when processing such a record, the contained messages are cut to single messages by the splitter component and are processed one by one (so that only the ones that are causing errors are stored in error storage when needed).

The record is stored into error storage if an error occurs and it can’t be resolved by the DirX Audit Server.

The error storage component stores errors into files. For every error, it stores both the original record and the information about the error (type, exception and related properties).

The record(s) are kept in the source system and should be picked up again later by the collector (on the next poll) in the following cases:

If the error occurs later in the transformer or Persistence unit (but is handled by them or the error storage component), the incoming record is removed from the source system and is either correctly reprocessed by the DirX Audit Server or stored into the error storage.

Two main types of error can occur during processing:

There are two sub-types that are stored in separate folders:

The base folder is configurable in the Tenant Configuration Wizard. All subfolders (for every error type and sub-type) within this folder are created automatically when first needed.
The following type subfolders can be created:

100-recoverable

200-nonrecoverable

250-nonrecoverable-xml

300-duplicates

When an error is being stored, additional subfolders are created within the corresponding type subfolder – based on the current date. Two levels are created: the first is based on current year and month (in the format yyyy_MM) and second based on current date (in the format _dd_). For example, 2020_06/02 (for June 2nd). For each error, two files are created in the final folder: a content file (zipped) containing the original record (file name format yyyyMMdd_HHmmssSSS-source_components_info.content.zip) and an info file containing additional error information (file name format yyyyMMdd_HHmmssSSS-source_components_info.info).

Here is an example of the full paths of the two files (for a duplicate coming through the DirX Identity File collector):

300-duplicates/2020_06/02/20200602_094739922-dxi_file-pers.info

300-duplicates/2020_06/02/20200602_094739922-dxi_file-pers.content.zip

For information on how to configure DirX Audit error handling, see the section “Server Error Handling” in “Configuring DirX Audit” in the DirX Audit Installation Guide.

If a recoverable error is stored in error storage, it is automatically processed again at least three times. If any of these attempts is successful (the stored record is persisted into the database) the stored error is removed along with the corresponding information file and attempt information (if created before).

If the attempt is not successful (an error occurs), the stored error is kept in the folder and the information about the processing error is stored in an additional file (a file name with the suffix .redelivery.properties). Only one additional file is kept (the older ones are rewritten if they exist).

There are two jobs scheduled by default for this processing with different schedules and scopes:

Each job tries to redeliver all errors stored within the given scope. Every stored error is tried once during a single job execution.

The jobs configuration can be modified manually by editing configuration files. Either the default file can be modified (then all tenants will use the changed configuration) or the tenant-specific configuration file can be modified (then only this tenant will use the changed configuration). The tenant-specific values overwrite the values from the default file.

The location of the default file is:
install_path/conf/defaults/tenant/configuration.cfg

The location of the tenant-specific configuration file is:
install_path/conf/tenants/tenant_id/configuration.cfg

The sections relevant for the two jobs are (the jobs are simply numbered as 1 and 2 and differ only in schedule and scope and are otherwise functionally equal):

The following options can be set:

You must reconfigure server jobs for the given tenant using the Tenant Configuration Wizard to apply the changed values (or restart the DirX Audit Server service for a given tenant).

The administrator should check all stored errors that remain in the recoverable errors folder after the configured maximum days scope for either one of the two jobs (by default, eight days). Such stored errors will no longer be processed automatically and should be analyzed and processed manually.

All stored non-recoverable errors are not processed automatically and the administrator should analyze them manually.

Duplicates do not need to be processed since they are already in the database. If the number of stored duplicates keeps growing, the entire system should be checked since it indicates that there are other problems (for example, frequent network disconnections).

Stored XML errors should be always checked since these records are missing in the database. The typical reason can be wrong format (duplicated XML header, invalid XML syntax, collector type mismatch), invalid content (missing required elements/attributes) or an error in the transformation template (in case of different source format; for example, DirX Identity records). Once the problem is fixed, the stored files should be reprocessed manually, for example, using the corresponding File collector.

File and JMS collectors perform additional validation before or during processing of input data. They have different ways of performing input validation and specific processing of the input.

File collectors will not try to process files that do not pass the basic validation checks. Error handling will not be used for such input files and those files will stay in input folder.

If the file passes all validation checks it is processed further. The file content is not processed at once. It is cut into groups of a given number or records (by default 10). These groups are then processed separately in sequence. Any error that happens during this cutting process will cause the whole file to be processed by error handling and stored into an error storage. It might happen that some of the file content have been already stored successfully into the database before this error occurred.

JMS collectors perform the basic validation check after the message is read. In the event that the content is not valid error handling will be processed. Such messages will be stored in an error storage.

The following sections provide more details on these checks.