Audit messages (audit logs) document important events in a system and are read by specific persons (auditors). An audit message contains all kinds of information for the auditor to be able to understand the process in detail.
Information |
Description |
Time stamp |
Time at which the changes triggered by the process were saved |
Process |
Process identifier and description |
Component |
Component code |
User |
Login ID of the user who executed the process |
IP address |
Computer on which the process was triggered |
Application |
ID of the application that triggered the process |
Only those processes are logged whose execution led to data being saved permanently. Changes reverted by the user are not logged.
Example
The following message shows that the user SYSTEM changed the user administration (USR component) at the time specified, using the GUI of the local computer of the server system (127.0.0.1) by executing the process with the ID 800. The following text describes the process in detail.
27.09.2010 16:36:25.527, USR, [800] User configuration was changed, SYSTEM, 127.0.0.1, GUI
Component ID
Each component has a unique, language-independent identifier. The following table shows the valid values and descriptions.
Component ID |
Description |
KIC |
Measure configuration |
OKI |
User-defined measures |
RKI |
Ranking measures |
ABC |
User-defined dimensions |
TFD |
Top-flop dimensions |
KID |
Measure-dependent dimensions |
PRT |
Process tree configuration |
USR |
User management |
REP |
Report definition |
RAU |
Report automation |
FAV |
Shared favorites |
MGR |
Merger |
EPC |
Process instances |
PIK |
Process instance-independent measures |
PLV |
Planned values |
ORG |
Organizational units |
FTC |
Factory calendar |
SRV |
Server |
Application ID
The auditor uses the application ID to find out which application caused the change. The following table shows the valid values and descriptions.
Application ID |
Description |
GUI |
PPM user interface |
EXP |
Export |
CIM |
Configuration import |
IMP |
Data import (process instance-independent measures, dimension data, PPM) |
MMV |
Management view |
CHK |
Checks, e.g., planned value deviations |
CMP |
Aggregation and deletion of instances |
CVT |
Database converter |
INT |
Internal application |
SHR |
Session management |
ADT |
Adapter |
ADM |
Admin tool |
PFC |
Performance Dashboard |
MST |
Master-sub-server connection |
OTH |
Other application |
Configuration
To output audit messages, PPM uses the log4J logger AUDIT of the logging interface described in the previous chapter. Audit logging is configured in the client-specific configuration file Server_Log_settings.properties based on the log4J interface (see chapter Overview).
Only the PPM client server logs audit messages, the analysis server does not.
Log messages
In addition to basic information (such as time, components, process, etc.), the various PPM components output different types of messages, which are described below.
Only processes that permanently change data in the PPM system are logged. Data exports are not logged.
Measure configuration
For measure configuration changes made with the runppmconfig ... -keyindicator command line program, the following statistical data is output in addition to the basic information: Number of processed attribute calculation functions, number of processed attributes, number of processed measures, dimensions, and relations, number of processed process-independent measure series.
Process tree configuration
Messages differ depending on whether the process tree configuration was changed using the command line program runppmconfig ... -processtree, or if it was automatically extended by the import of new process instances with new process types. In the latter case, the names of the new process type groups and process types are output as additional information.
Extended measure configuration
Some messages are output regardless of whether the extended measure configurations (user-defined measures, ranking measures, ABC dimensions, user-defined dimensions, top-flop dimensions) were changed using the runppmconfig command line program or via the user interface.
User management
This component reports changes of users, user groups, group membership, data access privileges, passwords, function and access privileges, and it provides information on system login and logout actions. Login and logout actions by users logging in/out via Performance Dashboard, the query interface, or Management views are not output.
If the user configuration is changed using the runppmconfig ... -users command line program, additional statistical data about the import process is output.
Due to the type of connection between Performance Dashboard and PPM, the PC address and user login ID cannot be uniquely determined if the password is changed in Performance Dashboard.
Connection to central user management
Changes triggered by PPM which affect central user management are not logged. Only changes taking place in PPM are output. When you activate or deactivate users or user groups in PPM a corresponding text including additional information is output.
When importing using the runppmconfig command line program, you can create new users in central user management and in PPM or in just one of the two systems. If you create at least one new user in PPM a corresponding text is output. Changes in central user management are not logged.
Central user management checks the number of users based on your license. If the number of users is exceeded a corresponding text is output.
Organizational units
The system logs the creation, editing, and deletion of organizational units regardless of the process being triggered via the interface or the command line program.
Factory calendar
Changes of reference periods, working days, and factory calendar transformation factors are logged.
Reports
Saving report definitions and changing access privileges of a report definition are logged. Running a report definition is not logged.
Report automation
The system logs the creation, editing, and deletion of report automations regardless of the process being triggered via the interface or the command line program. The user SYSTEM can delete the report automations of all users by importing an overall configuration valid for all users in replace mode*. This process is logged with the text Report automations of all users deleted.
Favorites
Since shared favorites can be used in the measure configuration, the system logs changes to shared favorites (creation, editing, access privilege changes, renaming, moving, and deletion), regardless of the process being triggered via the interface or the command line program.
Changes of private favorites and the favorites cache are not logged.
Planned values
The system logs the creation, editing, and deletion of planned values regardless of the process being triggered via the interface or the command line program.
Management views
Creation, editing, and execution of Management views are not logged.
Command line programs
Some command line programs report system changes.
Aggregation and deletion of instances via runppmcompress and runppmdelete is logged only if the program runs in execute mode.
The messages differ depending on whether the data series of process instance-independent measures were changed using the runpikidata command line program or via the user interface. Import of dimension data using the rundimdata command line program is logged, as well.
PPM data import
The runppmimport command line program manages the data existing in the PPM system (merging process fragments into process instances, anonymizing users in organizational units, typifying process instances, recalculating measures, deleting shared fragments and process keys, creating database indices, reinitializing analysis servers). A corresponding message outputs the execution of any of these processes.
The recalculation of database statistics is not logged.
Start and stop the server
Starting and stopping the PPM client server is logged.
The process is not logged if you stop the server using Task Manager or if you exit the command prompt the server runs in.
Scaled systems
If you use a scaled system, the master server and sub-servers log the same audit information as a stand-alone server. Please not that certain processes are and logged only by the master server or one or multiple sub-servers.