Auditing User Access in Virtual DataPort

Applies to: Denodo 8.0 , Denodo 7.0 , Denodo 6.0
Last modified on: 17 May 2020
Tags: JMX Monitoring

Download document

You can translate the document:

Goal

This document describes how to set up auditing connection information to the Virtual DataPort Server such as user login names, origin of the connection, connection times, etc. There are two ways to keep a record of this information: using the Denodo Monitor Tool or an external JMX (Java Management Extensions) client. This document will use JavaTM VisualVM as an example JMX client.

Denodo Monitor Tool

The Denodo Monitor is a tool included in the Denodo Platform that logs several parameters of the Denodo servers. One of these logs information on connections to the VDP server.

This log contains information such as the server name, host, port, client IP address, login and logout time, the interface used to access the server, login name, the database and web service accessed.

The Denodo Monitor must be started in order for the logs to start recording the connection information. The following Virtual DataPort Administration Guide provides steps to start the Denodo monitor.

Once the Denodo Monitor is started, the connection information including user access to the VDP server can be found in  the vdp-connections.log file located in <DENODO_HOME>/tools/monitor/denodo-monitor/denodo-monitor/logs

This file can also be used as a data source to create a base view in order to easily search through the information.

To do this, go to the Virtual DataPort Administration Tool or the Web Design Studio and create a new Delimited File data source.

  • Go to File > New > Data Source > Delimited File
  • Enter the following configuration:
  • Data Route: Local

(<DENODO_HOME>/tools/monitor/denodo-monitor/denodo-monitor/logs/vdp-connections.log)

  • Column Delimiter: \t
  • End of line delimiter: \n
  • Start of data zone delimiter: ServerName
  • Select Header

The following image is an example of the results you will see in after creating and executing a base view over the data source in the VDP:

Note that if the Denodo Monitor is restarted more than once a day, a selection view over the base view with the condition “bv_connections.id_0 <> ‘ServerName’” will have to be created to skip the header that is generated every time the Denodo Monitor is restarted.

To access the connection records for several day, configure the data source without header and without start of data zone delimiter. The Local Data Route will have the file path: <DENODO_HOME>\tools\monitor\denodo-monitor\denodo-monitor\logs and then the File Name Pattern: “vdp-connections.log(.*)”.  This configuration will allow to read all the connection logs in the selected path.

Furthermore, like any other view, it is possible to publish the connections view as a web service and assign access privileges to users as another access method.

JMX Client (example with Java Visual VM)

You may also use a JMX Client instead of the Denodo Monitor to find out information about users who have accessed the VDP server. To monitor the server connections using Java Visual VM execute the following steps:

  1. Run Java Visual VM and Start jvisualvm located in <JAVA_HOME>/jdkx.x/bin

  1. Add new JMX Connection
  • File > Add JMX Connection
  • Connection: <hostname>:<port>
  • Select ‘Use Security Credentials

  1. Go to MBeans VDBServerManagementInfo
  • If you do not already have the MBeans Plugin installed go to Tools > Plugins > Available Plugins.
  • Select and install ‘VisualVM-MBeans
  • Click into the JMX connection node and go to the MBeans tab
  • Expand com.denodo.vdb.management.mbeans
  • Click into VDBServerManagementInfo

  1. Subscribe to Notifications: in VDBServerManagementInfo, click on the Notifications tab and click ‘Subscribe

  1. Log into the VDP Administration Tool or the Web Design Studio and check that the information is recorded in Visual VM

After logging in and out of the Denodo VDP Administration Tool or the Web Design Studio, you will have notifications in the JMX client. To obtain information about the user access of a session, double-click on any cell in the ‘User Data’ column

These steps are explained in more detail in the Virtual DataPort Administration Guide in the section Monitoring with a Java Management Extensions (JMX) Agent.

References

Virtual DataPort Administration Guide: Monitoring the Virtual DataPort Server

Virtual DataPort Administration Guide: Using JavaTM VisualVM

Virtual DataPort Administration Guide: Denodo Monitor

Questions

Ask a question
You must sign in to ask a question. If you do not have an account, you can register here

Featured content

DENODO TRAINING

Ready for more? Great! We offer a comprehensive set of training courses, taught by our technical instructors in small, private groups for getting a full, in-depth guided training in the usage of the Denodo Platform. Check out our training courses.

Training