PPes Auditing

[EasyRider]

Has anyone been successful with auditing the PPES audit logs using any of the Cognos tools?

I've done so in the past using my own sql scripts, but thought I'd try to go back to the source if possible since I'm tired of changing the scripts after every upgrade.

There's a batch process I'd most like to use so I can extract the cube usage details over night and build cube to review in the morning, but it fails on a error on a missing UDA? No body in support knows what this means.

there's another called Sessionizer. My only issue is it's a interactive application and I have a hard time asking someone to process a audit file manually every morning.

Thanks in advance,
   __o
_-\<,_
(*)/ (*)
``````````````````````````````````````````````````````````````````````

[Darek]

7.3 MR2 Audit Processor is much better than previous incarnations. No major problems setting it up.

[Blue]

I have created a DOS .BAT script to collect all the audit.log files into one test file.  A DecisionStream job is executed daily that runs this script and then loads the log data into a temp table.  That data is then parsed into two fact tables, one keyed on sessionid and the other on the userid.  I've created a few dimension tables and use these with the facts to create IWR reports and a cube.  Works well.

Only issue I have is that a number of users and object names come through as "Unknown".  I would think that as access to the PPES cubes and reports all have to go through Access Manager security there would ALLWAYS be a valid userid.

Anyone got an idea why I get Unknown users?

[Darek]

Are your cubes secured?

[Blue]

Last time I looked the systems people had them covered with heavy weight chains, padlocks, and tarp.  You never know with so many cyclones/hurricanes about! :)

I get a lot of user Ids coming through but I also get a lot of unknowns.  Given the cube that "unknown" is accessing we think we know who it is but why her userid is not shown is a mystery.

[Darek]

Hmm, unkonwn or blank or null, ususally shows up when cube does not contain any security.

[EasyRider]

I don't know, I think the unknowns are just a hole in the audit layer in the tool. there's always been a leak, the fact that they haven't plugged it doesn't suprise me.

I tried a number to their audit processes. The one provided, Sessionizer and one of my own written against 7.1. When mine failed on reading the logs too, I took a closer look and found many bad, incomplete or partial records in the logs. I had to write a script to clean them before reading them.

I talked to another company that experienced the same issues, who told me Cognos claimed the problem would be corrected in 7.3 MR2.

I should be there in a couple days. I'll let you know.

[Draoued]

Yep , there is something wrong in 7.3 .

When you enable the auditing in PPES, it generates a ppes_audit.log.
When the PPES service/daemon is stopped and started , the ppes_audit.log is renamed in ppes_audit1.log , and a new ppes_audit.log is created.

With 7.3 mr1 , at least , the file creation is not functionning , and the old ppes_audit.log is appended instead of renaming it, which cause the problem for sessionizer and the cognos parser.