Typically, an Adabas database is used in a commercial environment, and the data contained in the database are usually of a sensitive and confidential nature. Seen in this context, it is important to be able to answer the following questions (sometimes called the 5 W questions):
Who has accessed the data?
What has been accessed? This includes the database ID, the file number, the type of access (create, read, update, delete), the field names, etc.
When was the data accessed?
Where was the data accessed from?
What has changed in the internal state of the database?
These 5 questions are of vital importance for the following reasons:
- Fraud prevention
Identify security incidents in operational databases; who is accessing sensitive data?
Keep track of and analyse compliance-relevant results; who did what, from where and when?
- Performance monitoring
Central diagnosis of database performance and efficiency; how well is Adabas running?
Adabas Analytics adresses these requirement by enabling you to create an event each time there is a change of state in the Adabas nucleus.
A change of state can be triggered by:
An Adabas call;
A security event (authorization succeeded or failed, authentication succeeded or failed, etc.);
A change in performance status (threshold reached, disk space exhausted, etc.).
An event consists of a set of fields for data that is available at the time when it is generated.
Adabas Analytics currently supports 14 types of events related to Adabas calls. For further information about the event types, see the section Adabas Analytics Event Types. More event types relating to security and performance will be supported in later versions.
If yout only need to use Adabas Analytics sporadically (depending on your use case), it is possible to activate/deactivate the event anayltics component. Also, because only certain event types might be of interest, you can easily filter events by file number and event type.
The events generated by Adabas are either sent to the Adabas Analytics Server or written to a local log file called NUCELG; you can display the contents of this file with the new Adabas utility ADAELP (for further information, see the section ADAELP (Event Log Report).
The following graphic shows the architecture of Adabas Analytics Version 2.2:
Starting with Adabas Analytics Version 2.2, it is possible to create user-defined event types.
An event type consists of :
An event type name;
The area in the Adabas nucleus where the event is triggered;
A number of event type fields.
The event type name must be unique within all event types.
The area must be one of the pre-defined nucleus areas.
The event type fields must come from a list of pre-defined event type fields; all event type fields must be compatible with the area of the event type.
The utility ADAELA, which provides commands to add and delete event types, is used to define an event type. For details, please refer to the section ADAELA (Event Analytics Administration).
The defined event types are stored in the file eventtypes.txt. The ADANUC process reads the contents of eventtypes.txt during startup.
When the Adabas nucleus executes one of the defined areas, it triggers all of the event types defined for that particular area.
Adabas Analytics uses Elasticsearch and its visualization component Kibana to store and visualize Adabas performance data. The combination of the Adabas nucleus, Adabas Analytics, Elasticsearch and Kibana lets you analyze Adabas performance data in near-realtime. The Kibana visualization of the data is in a browser interface.
The installation kit includes an example Kibana dashboard, which you can use to display Adabas performance data.
The Adabas nucleus creates the Adabas Event Logfiles
NUCELG.xxxx) if the Adabas Eventing
functionality is enabled.
The Adabas Analytics File Converter reads a single Adabas Event Logfile and sends it to the Apama Correlator.
In the Apama Correlator, the received events can be processed like any Apama event: use them in an Apama monitor or an Apama Correlator dashboard.
The Adabas Analytics File Converter and the Apama Correlator can be running on the same node or on distributed nodes.