01-17-2012 01:25 AM
Hi,
I have to analyze the EV audit.
Auditing is enabled.
When I give the user archive ID and the evadmin user, it goes into a not-responding state.
Do you have any way to get these results from Audit Viewer or directly from SQL?
01-17-2012 08:28 AM
Here's a query that should help narrow down the results to what you're looking for. Fill in the <variables> with the information from your environment. The first SELECT query will search by username and the second by archive ID:
USE <name of EV Audit db>
SELECT * FROM EVAuditView WHERE UserName = '<domain\username>'
ORDER BY AuditDate DESC
SELECT * FROM EVAuditView WHERE Vault = '<Archive ID>'
ORDER BY AuditDate DESC
01-17-2012 01:39 AM
Viewing the below from the Admin Guide, it shows Audit Viewer, but it also mentions a query to view the log. It probably does not filter like the viewer, but may help. Also, I wonder if connections have anything to do with the failure to respond? More details below.
Viewing the audit log
Enterprise Vault comes with the Audit Viewer utility, which lets you view and
filter the data that is logged in the auditing database. For more information on
Audit Viewer, see the Utilities Guide.
You can also view the audit log by following the instructions below.
To view the audit log
1 On the Windows Start menu, click All Programs > Microsoft SQL Server >
Query Analyzer.
2 At the top of the SQL Query Analyzer window, select the EnterpriseVaultAudit
database.
3 Type the following command in the Query window:
SELECT * FROM EVAuditView ORDER BY AuditDate DESC
4 Press F5 to run the command.
Tuning
Each computer on which you enable auditing has a limited number of connections
that it can make to the auditing database. These connections are reused as needed.
Auditing uses a pool of connections to the auditing database. You can make
Enterprise Vault log the level of usage of these connections and then, if necessary,
you can modify the number of connections as required.
To turn connection information logging on or off
1 In the Administration Console, expand the tree in the left pane until the
Enterprise Vault Servers container is visible.
2 Click the Enterprise Vault Servers container.
3 Right-click the computer whose logging you want to enable or disable and
then, on the context menu, click Properties.
4 Click the Auditing tab.
5 Click Advanced.
6 Check or uncheck Log database information to turn logging on or off.
7 Click OK.
8 Restart the Enterprise Vault services on the computer.
Modifying the number of connections
When an Enterprise Vault service that has auditing turned on stops, it logs an
event that shows the number of connections it used and the maximum number
of connections available to it. You can use this information to decide whether to
change the connection pool sizes.
To change the connection pool sizes
1 In the Administration Console, expand the tree in the left pane until the
Enterprise Vault Servers container is visible.
2 Click the Enterprise Vault Servers container.
3 Right-click the computer whose logging you want to enable or disable and
then, on the context menu, click Properties.
4 Click the Auditing tab.
5 Click Advanced.
6 Set the number of connections for each Enterprise Vault service.
7 Click OK.
8 Restart the Enterprise Vault services on the computer.
01-23-2012 09:31 AM
Perhaps your audit data set is quite large?
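Added example, not part of the thread or the Admin Guide: if the audit data set is large, bounding the queries posted above by a date window and a row limit keeps the result set small, and a per-day count gives a quick activity profile before any rows are pulled. EVAuditView, UserName, Vault and AuditDate are taken from the queries in this thread; the variable types, the 7-day window and the 1000-row limit are assumptions to adjust.

```sql
-- Added example (T-SQL). Placeholders in <...> must be filled in, as in the
-- queries posted in the thread. Column types are assumed, not documented here.
USE EnterpriseVaultAudit;   -- database name as given in the Admin Guide excerpt

DECLARE @UserName  nvarchar(256);
DECLARE @ArchiveId nvarchar(256);
DECLARE @From      datetime;
DECLARE @To        datetime;

SET @UserName  = N'<domain\username>';   -- placeholder
SET @ArchiveId = N'<Archive ID>';        -- placeholder
SET @To        = GETDATE();
SET @From      = DATEADD(day, -7, @To);  -- assumed window: last 7 days

-- 1. Size check: how many rows match, and over what period, before fetching them.
SELECT COUNT(*)       AS MatchingRows,
       MIN(AuditDate) AS Oldest,
       MAX(AuditDate) AS Newest
FROM EVAuditView
WHERE AuditDate >= @From AND AuditDate < @To
  AND (UserName = @UserName OR Vault = @ArchiveId);

-- 2. Activity profile: events per day for the same user or archive.
SELECT CONVERT(char(10), AuditDate, 120) AS AuditDay,   -- yyyy-mm-dd
       COUNT(*)                          AS Events
FROM EVAuditView
WHERE AuditDate >= @From AND AuditDate < @To
  AND (UserName = @UserName OR Vault = @ArchiveId)
GROUP BY CONVERT(char(10), AuditDate, 120)
ORDER BY AuditDay DESC;

-- 3. Detail rows, newest first, capped so the client is not flooded.
SELECT TOP 1000 *
FROM EVAuditView
WHERE AuditDate >= @From AND AuditDate < @To
  AND (UserName = @UserName OR Vault = @ArchiveId)
ORDER BY AuditDate DESC;
```

To review an older period, move @From and @To back one window at a time rather than removing the date filter.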