
Exploring IBM Notes/Domino Activity Logging and Activity Trends

Open Mic
Javed Batliwala
Staff Software Engineer

Naresh Luthra
Staff Software Engineer

IBM
Powered by IBM SmartCloud Collaboration
Meetings Solutions © 2014 IBM Corporation
About Us
• Staff Software Engineer, IBM Notes / Domino (javed.batliwala@in.ibm.com)
• Staff Software Engineer, Smart Cloud (naresh.luthra@in.ibm.com)
• Ranjit Rai – Lotus Technical Advisor, focussing on entire Notes Domino
• Hansraj Mali – Lotus Technical Advisor, focussing on entire Notes Domino
• Jayaval Rajendran – Lotus Technical Advisor, focussing on entire Notes Domino
• Vinayak Tavargeri – Support Manager, Facilitator for AP Open Mics (vtavargeri@in.ibm.com)


Abstract
• IBM Domino Server has exceptional functionality and features which fit customers and their business needs. While working in a professional environment, one cannot forget or compromise on security.
• Domino Server is very robust and has a very high level of security. It captures different types of logs if it has been configured properly. In day-to-day activities, administrators may find it difficult to extract information such as the IP address of the system from which a particular Notes database or mail file was accessed, internal mail routing session/IP details, or unused mail databases. So let's come together for the session on Activity Logging and Activity Trends. What are the best practices for using Activity Logging and Trends?
• When should you use them and when not? What information will you find in them? Should you enable them on all servers or only one server? We will provide answers to all those queries.
• In this session it is our sincere effort to enable our end customers to be more effective and confident in managing and securing their Notes/Domino environment.


Agenda

• Activity Logging and Activity Trends
• How to configure Activity Logging
• Working with Activity Trends
• Analyzing Activity Logging Data
• User Activity Logging for a Database
• Test Cases
  a) Mail
  b) Notes DB
  c) Notes session
• Troubleshooting
• References
• Q&A


Activity Logging
• Server tasks provide enhanced activity data
• Activity data stream written to the server log (log.nsf)
• Controlled via server configuration document
• API provided to access the activity data stream


How to configure Activity Logging
How to check if the Activity Logging feature is Enabled / Disabled:
• Type the console command “show server” on the Domino console; the output shows whether the Activity Logging feature is Enabled / Not Enabled.

You configure activity logging by editing the Configuration Settings document.
• From the Domino Administrator, click the Configuration tab.
• In the Task pane, expand Server and click Configurations.
• In the Results pane, select the Configuration Settings document you want, and click Edit Configuration.


How to configure Activity Logging (cont')

• On the Configuration Settings document, click the Activity Logging tab.
• Select “Activity logging is enabled.”
• In the “Enabled logging types” field, select the types of activity you want to log.
• (Optional) To increase or decrease the frequency of creating Checkpoint records, change the checkpoint interval.
• (Optional) To automatically create Notes session and Notes database Checkpoint records every day at midnight, select “Log checkpoint at midnight.”
• (Optional) To automatically create Notes session and Notes database Checkpoint records every day at the beginning and end of a specific time period, select “Log checkpoints for prime shift” and then specify the times for the Prime shift interval.
• Click Save & Close.
• (Optional) If you are logging activity for LDAP Add and Modify operations and want to change the amount of information logged in the Attributes field from the default of 4096 bytes, follow the steps in the topic “Limiting the amount of attribute information logged for LDAP Add and LDAP Modify activity.”




Checkpoint
• The records in the log file keep track of all activity generated. Domino creates different types of records for each type of activity. For some types of activity, Domino creates multiple records during a session; for other types of activity, Domino creates a single record.
• For types of activity that could require long sessions to complete, Domino generates an Open or Authorization record when a session begins. This record indicates that a session is open and shows the time at which the session began. During the session, Domino generates Checkpoint records, which log all activity that has occurred so far during the session.
• Domino creates Checkpoint records for the following types of activity: IMAP, Notes session, Notes database, Notes passthru, POP3, and SMTP.
• Checkpoint records are cumulative; each one contains all of the activity that was logged to that point during the open session. By default, Domino creates a Checkpoint record the first time there is activity after a 15 minute waiting period.


Activity logging records
Activity type: what this logs

Agent
• Domino server-based agents that run successfully.
• Records the name of the agent.
• The name of the database that contains the agent.
• The amount of time it took to run the agent.
• Name of the person who last saved the agent.
Note: The record does not show the types of activities the agent performs, or agents which run on the web server.

HTTP
• Name of the Web server
• Name of the user accessing the Web server
• The URL the user clicked
• The number of bytes returned
• Time to process the request
• HTTP status code

IMAP
• Tracks IMAP session activity such as user name, server name, the IP address, number of bytes the client sent and read from the server, and the duration of the session.
• Types of records for IMAP sessions:
  - Authorization records
  - Checkpoint records
  - Closed record
Activity logging records (cont')
Activity type: what this logs

LDAP
• Records information about every LDAP request.
• Each LDAP request has a different structure and generates a different activity logging record for each type.
• Types of requests are Abandon, Add, Bind, Compare, Delete, Modify, Extended, ModifyDN, Search, Unbind.

Mail
• Tracks mail that is sent from and received by a server.
• Records the name of the server that created the record, originator and recipient of the message, message ID, the preceding and the next hop on the delivery route, and size of the message.
• Types of activity records are Deposit, Delivery, Delivery failure, Transfer, Transfer failure.

Notes Database
• Tracks Notes database activity that occurs during the server session.
• Name of the database, name and address of the database user, number of documents read and written, the number of bytes read and written, total number of transactions executed in the database, length of time the database was opened.
• Types of records are Open records, Checkpoint records, Close records, ClosedEnd record, mailDeposit records.
The information in the log file (cont')
Activity type: what this logs

Notes Passthru
• Tracks activity that is generated by a client or a server through a passthru connection.
• Information such as the number of bytes sent and received, the number of documents read and written, the number of transactions executed, and the duration of the passthru session.
• Types of activity records are Open records, Checkpoint records and Close records.

Notes Session
• Tracks network traffic that occurs during a server session with a Notes client or with another Domino server acting as a client.
• Records include such information as the name and network address of the session user, the number of documents read and written, the number of bytes read and written, the total number of transactions executed during the session, and the duration of the session.
• Servers, users, and API programs can all generate session activity.


Activity logging records (cont')
Activity type: what this logs

POP3
• The name of the user
• The IP address of the client
• The number of bytes the client sends to and reads from the server
• The number of messages sent to the client
• The number of messages deleted from the client, and the duration of the session
• Types of records are Authorization records, Checkpoint records, Close records.

Replica
• The names of the source and destination servers
• The replicaID of the database
• The number of bytes replicated in each direction

SMTP
• Records information such as the IP address of the connected client
• The number of messages the client sends to the server
• The number of bytes the client sends to and receives from the server
• The number of recipients to whom messages are sent
• The duration of the session


Activity Trends
• Core Domino Functionality Data Flow
• Trend user Activity
  - Identity (Person or DB)
  - Database
  - Access Protocol
• Statistics for
  - Current Observation
  - Historical Trends
  - Load on Server
• Store it in Activity.nsf


Working with Activity Trends



Resource Balancing



Running activity analysis
• In the Domino Administrator, make the server on which you want to run activity analysis current.
• Click the Server - Analysis tab.
• In the Tools pane, expand Analyze, and then click Activity.


Running activity analysis (cont')
• Do one of the following to select the types of activity you want to log:
  - To log all the types of activity, skip this step. By default, all activity types are selected.
  - To deselect a type of activity to log, click the activity type in the “Selected types of activity” pane, and then click Remove. To deselect all the types of activity, click Remove All.
  - To select a type of activity to log, click the activity type in the “Select server activity types to search for” pane, and then click Add. To add all the types of activity, click Add All.
• Choose the starting and ending dates and times of the activity you want to view.
• (Optional) To write the analysis results to a database other than the Log Analysis database, click Results Database and specify a different database. Then click OK.


Viewing the data in the Log Analysis database
• If the Log Analysis database is not already open, do the following:
  - On your local computer, choose File - Database - Open.
  - Select the Log Analysis database, and then click Open. (By default, the database title is “Log Analysis” and the file name is LOGA4.NSF.)
• In the Task pane, expand Server Activity, and then click the view for the type of activity you want to view.
• (Optional) In the Results pane, double-click the record you want to view.


Test Case – Track the IP Address of mail
• In the example below, we capture the IP address of the sender's machine from which the email was generated.
• Perform the Activity analysis for the date on which you want to track the email.
• Click on Mail → Deposited (the sender is “Test User21/Training”, who has sent the email to “Test User22/Training”).
• Locate the email, as we need the Session ID to get the IP address.


Test Case – Track the IP Address of mail (cont')
• You can also verify the Message ID from the console.log to confirm that it is the same email.
• Once you have the Session ID, click on Notes → Session and search for the document with that Session ID.
• It will return the result if the document is found.


Test Case – Track the IP Address of mail (cont')
• The Client Address field gives the IP address of the machine from which the email was generated. It also gives some additional information, such as which database was used to send the email, bytes transferred, etc.


Test Case – Track the IP Address of database
• In an organization, generic IDs may be configured on multiple machines, and we may want to track all the IP addresses from which a particular database has been accessed, whether through its own ID file or through access delegation.
• The basic purpose is to capture all the IP addresses from which a particular database has been accessed.
• Run the Activity Analysis for the date you want to capture.
• From the Activity Analysis result database, go to Notes → Database.


Test Case – Track the IP Address of database (cont')
• Capture the Session ID.
• Go to Notes → Session. Search for the document using the Session ID.


Test Case – Track the IP Address of database (cont')
• The Client Address field gives the IP address of the machine from which the database was accessed.
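
The Session ID correlation used in both test cases above (mail and database), as an added example that is not part of the original presentation and is not IBM code. The field names, session and message IDs, the user "Generic ID/Training", database paths and addresses are constructed assumptions standing in for rows exported from the Log Analysis database; because Checkpoint records are cumulative, only the newest record per session is used.

```python
def row(sid, kind, time, user, addr, bytes_read):
    return {"session_id": sid, "type": kind, "time": time, "user": user,
            "client_address": addr, "bytes_read": bytes_read}

# Constructed sample data; field names, IDs and addresses are assumptions.
NOTES_SESSION = [
    row("S-1001", "Open",       "2014-06-02T09:00", "Test User21/Training", "192.0.2.10", 0),
    row("S-1001", "Checkpoint", "2014-06-02T09:15", "Test User21/Training", "192.0.2.10", 4000),
    row("S-1001", "Checkpoint", "2014-06-02T09:30", "Test User21/Training", "192.0.2.10", 9000),
    row("S-1001", "Close",      "2014-06-02T09:40", "Test User21/Training", "192.0.2.10", 9500),
    row("S-1002", "Open",       "2014-06-02T10:00", "Generic ID/Training", "198.51.100.7", 0),
    row("S-1003", "Open",       "2014-06-02T11:00", "Generic ID/Training", "198.51.100.8", 0),
]
MAIL_DEPOSITED = [
    {"message_id": "MSG-EXAMPLE-1", "session_id": "S-1001"},
    {"message_id": "MSG-EXAMPLE-2", "session_id": "S-9999"},  # no session record
]
NOTES_DATABASE = [
    {"database": "apps/finance.nsf", "session_id": "S-1002"},
    {"database": "apps/finance.nsf", "session_id": "S-1003"},
    {"database": "mail/tuser21.nsf", "session_id": "S-1001"},
]

def latest_by_session(session_rows):
    """Keep only the newest record per session. Checkpoint records are
    cumulative, so the newest one already holds the session totals."""
    latest = {}
    for r in session_rows:
        cur = latest.get(r["session_id"])
        if cur is None or r["time"] > cur["time"]:
            latest[r["session_id"]] = r
    return latest

def client_for_message(message_id, mail_rows, session_rows):
    """Mail Deposited record -> Session ID -> Client Address (None if unresolved)."""
    sessions = latest_by_session(session_rows)
    for m in mail_rows:
        if m["message_id"] == message_id:
            s = sessions.get(m["session_id"])
            return s["client_address"] if s else None
    return None

def clients_for_database(database, db_rows, session_rows):
    """All (user, client address) pairs whose sessions touched the database."""
    sessions = latest_by_session(session_rows)
    hits = [sessions[d["session_id"]] for d in db_rows
            if d["database"] == database and d["session_id"] in sessions]
    return sorted({(s["user"], s["client_address"]) for s in hits})
```

A `None` result from `client_for_message` means the Notes Session record for that Session ID is not in the analysis results, for example because Notes session logging was not among the enabled logging types or the analysis date range did not cover the session.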



User Activity Logging for a Database
• By default Domino logs user activity for a database in each database. However, user activity logging is a great tool for monitoring unauthorized access to certain data, so you should maintain it on vital application data.
• To access user activity logging, open the database properties, select the information tab and then click on the button "user detail".

Note: ODS 48 has an additional column of deletes.


Last Active Databases
• To find the last active databases, open Activity.nsf → Databases → Inactivity; it will list all the databases.


Troubleshooting
Since enabling Activity Logging and setting up Activity Trends, the size of your
server's log.nsf is 3 to 4 times larger than before. How can you reduce the size of
the log when activity trends are being collected?

The overall purge interval for the log.nsf is determined by the third number in the
notes.ini variable "log=log.nsf, 1, 0,7,40000". You can set a purge interval
specifically for activity trends data by tacking on a number to the end of this
value.

For example, if you want to purge activity trends documents not modified after
two days, you would set the variable to:

log=log.nsf, 1, 0,7,40000 ,2

Note: The activity trends purge value can be set to 1 through 6. The default
purge for the overall log.nsf is 7 days.



Troubleshooting
After you enable Activity Logging and set up Activity Trends, the size of your server's activity.nsf will grow. To control the size of activity.nsf, use the retention option. By default it stores the data for 10 days.

To customize the number of days, uncheck the default option and set the days option.


Troubleshooting
Title: User activity logging is automatically reenabled after being disabled
Doc #: 1096282
URL: http://www.ibm.com/support/docview.wss?uid=swg21096282

Title: Examples of events that trigger Read/Write entries in the User Activity log for a database
Doc #: 1096117
URL: http://www.ibm.com/support/docview.wss?uid=swg21096117

Title: How to reduce log file size when activity trends are being collected
Doc #: 1230016
URL: http://www.ibm.com/support/docview.wss?uid=swg21230016

Title: STATLOG does not display all databases in Database Size view
Doc #: 1285394
URL: http://www.ibm.com/support/docview.wss?uid=swg21285394


References

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/activity-logging-and-activity-trends

Activity Logging
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_BILLING_OVERVIEW_7158_OVERVIEW.html

Activity Trends
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_TIVOLI_ACTIVITY_TRENDS_STEPS.html


Thank you
Q&A

Visit our Support Technical Exchange page or our Facebook page for details on future events.

To help shape the future of IBM software, take this quality survey and share your opinion of
IBM software used within your organization: https://ibm.biz/BdxqB2

IBM Collaboration Solutions Support page ICS Support


http://www.facebook.com/IBMLotusSupport http://twitter.com/IBM_ICSSupport