How to view the raw DRA Log Archive Data

  • 7015882
  • 11-Nov-2014
  • 27-Jan-2015

Environment

Directory Resource Administrator 8.5.x
Directory Resource Administrator 8.6.x
Directory Resource Administrator 8.7.x

Situation

NetIQ Directory Resource Administrator (DRA) generates an audit event for every operation performed using any of the DRA Consoles. This data is stored in a local Log Archive Server Volume on each DRA Server. The raw data is stored in NDS files. This data is indexed and can be queried using either the Right Click Reporting within the DRA Console or the NetIQ Reporting Center (NRC). At times it may be necessary to view the raw audit data contained in a specific NDS file.

Resolution

To view the raw data stored in NDS files, use the Log Archive Data Viewer. This utility is part of the DRA Log Archive Resource Kit (LARK). As of DRA 8.7 and newer, the LARK is an option within the DRA Setup Installer. DRA 8.5 and DRA 8.6 included the LARK as a standalone MSI in the DRA setup files, called Log Archive Resource Kit.MSI.

The utility queries the Log Archive Configuration to locate the current DRA Log Archive Volume. The volume is displayed as a tree on the left-hand side of the data viewer window. Within the tree there are sublevels known as Partitions. Each partition is named for the 8-digit date on which it was created. The partition contains the audit data received by the NetIQ DRA Log Archive Service (LAS) during that specific day. In most cases this is the same day on which the event occurred. To view the raw data, highlight an NDS file contained within the partition. Once the NDS file is highlighted, the raw data is displayed in columns on the right-hand side of the window.

The Log Archive data is specific to the DRA Server that performed the operation. The DRA Server performing the operation is the DRA Server that the DRA console was connected to at the time the operation occurred. This does not always correlate to the DRA Server from which the DRA console was started.

Cause

Access to the raw LAS data is often needed when troubleshooting possible problems with the DRA Audit Activity Reports. The data viewer provides the ability to verify that any audit data at all was generated for a specific date. The DRA Console provides the ability to run a limited-scope query against the data stored in the LAS. Using the Data Viewer can help confirm whether any data is available for a specific date range.