on 12-16-2015 2:30 AM
Hi,
I have cluster environment with 2 nodes. My CMS and CMS_audit database exist under the same SQL server instance e.g. DEV_Instance. I created two ODBC conenctions one for CMS and Audit and we are using windows NT authenticatiom rather than a dedicated SQL server account.
After the install i was able to see the CMs and the Audit tables created in the SQL server instance.
now i am running the CMS as a service account rather than local and i make the change in the SIA properties to run using the service account rather than local. I am planning to enable auditing and what confused me is that client provided me different service account and password for auditing than CMS. If understand correctly i am already using the CMS service account in SIA and it should be logging information in the CMS tables in the database (CMs) .
now i see a username and password option in the auditing section of the CMC,i have a seperate service account for audting which is different than CMS, should i enter a seperate service account or it should be the same account that is used for CMS?
how to test properly that auditing is enabled correctly and right service account is used/
Thanks
you can use diffrent service accout for same DEV_Instance schema.
the diffrent service accout should have dbo rights on the DEV_Instance schema.
to check update the Audting secion with the new service account password.
if any userid\password is incorrect it will not accept it.
Enable auditing in CMC.
also monitor the Auditing log folder is the files are getting stack or getting removed from there.(writing to audting TABLE)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Ronak,
So basically even when we are using a different service account for CMS in SIA, i should enter the auditing service account and password in the CMC-->Auditing section ---
i checked in the SQL management studio and the audit service account is listed user users-->permissions with the ability to read/write modify rights.
you mentioned if the user and password is incorrect it will not accept it -- do you mean when i enter that in CMC-->Auditing OR there willl be an entry in the auditing log files?
So for enabling auditing, is there anything else that needs to be done other than what is listed under CMC-->auditing section?
so i have the default folder for auditing i.e. sap business objects Enterprsie XI 4.0 --> Auditing.
i already see some files in it? i opened these files and actually dont understand what they are logging already when auditing is not even enabled yet -- can you give me an idea about these files and how they might chnage and what should i check to confirm that CMS is collecting the audit data correctly ?
Thanks
yes in Auditing secion if the userid\password is in correct they you will get error.
also, creating an ODBC connection will also refect error if any such issue.
For Auditing all activiy is though CMC->Auditing section.
CMS audits create audit files in the Auditing folder.
it uses Auditing Folder as temp folder and removes the files and writes in Auditing DB.
if the CMS fails to write anything in the Auditing DB the files size will keep on increasing in Auding folder.
Hey i amde the changes in CMC -->auditing witht he Audit user account and i didnt know how to put the information for CMS auditor, but it showed in the status bar to restart the SIA. I restarted the SIA and it seems the SIAis not restarting because of login failure !
like i mentioned SIA had a different service account information for clogin for CMS and now for audit we used a differnt service account and password.
Did you also modified the SIA account?
In the SIA property put the service account which has access to CMS DB.
This account should have admin rights on the server.
IF its still faliing to start try to start with local host and check if it works.
If it works then the issue is with the service account and its rights.
run the SIA with local host and remove the Auditing information from CMC->Auditing
STOP the SIA and run with the service Account.
Auditing is not related to CMS DB and SIA.
In your case you are using the same schema, if possible try to have seperate schema for Auditing and diffrent account.
But still if its not possible then keep same service accout in Auditing secion which is used for SIA then try to understand the schema access for both the account on the same DB.
since we are using windows NT account even though we have 'audit_CMS' ODBC and 'CMS ' ODBC, but our SIA is running as a CMS service account. So for auditing i used windows authentication rather than sql server (w/user and password) - made sure that my CMS service account has both permissions to CMs and Auditing databases {they are on the same SQL server instance , one DB schema for CMS and one for Audit}. adn everything seems to work fine.
my auditing logs are getting cleared from Auditing logs and written to ADS.
my setting for Auditing is as follows:
ADS database:
Connection name : CMS_Audit {Audit ODBC}
Type : Microsoft SQL Server
User windows authentication (checked) {but for SQL server accounts this will be unchcked and user/pass} will be populated }
Please give your feedback if there is anything else that needs to be taken under consideration to improve the auditing experience.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.