Centralized Log Consolidation Databases Tutorial

In this article I am going to show you how to configure Corner Bowl Server Manager to save Event Log Entries, Syslog Messages and text log entries to a central database for monitoring, reporting, auditing and compliance requirements. I am also going to discuss the advantages and disadvantages of each database type.

Corner Bowl Server Manager can centralize log entries to Microsoft SQL Server, MySQL, SQLite and our own file system format. In an effort to provide faster out-of-the-box implementation, our proprietary file system format has been depreciated and replaced by SQLite, an embedded RDBMS that requires no user setup. If you your organization is using the File System format, we suggest migrating to SQLite. The file system format is scheduled to be end-of-lifed sometime in 2024.

Table of Contents

• Background
• How to Configure the Centralized Consolidated Log Databases
• How to Configure SQLite
• How to Configure MySQL
• How to Configure SQL Server
• How to Consolidate Log Entries to the Log Database
• How to View the Log Database Index
• How to View the Log Database Summary

• From the Management Console, find the Explorer View, scroll down until you see Data Providers, then expand. By default, you will find 3 entries, Primary Log Database, Archive Log Database and History.
  • The Primary Log Database contains the most recent log entries.
  • The Archive Log Database contains entries older than the Primary Log Database
  • The History contains execution status, which includes information such as the number of Event Log Entries saved.
• To view the Log Database Properties, right click and select Properties. The Data Provider View displays.
• From the Data Provider View, use the Type drop-down to select the database type, either SQLite, MySQL, Microsoft SQL Server or the File System.
• Use the Role drop-down to select how you would like to use the database. The following Roles are available:

  Role	Description
  Log Database	Contains the latest consolidated log entries. (e.g. log entries less than 30 days old).
  Archive Log Database	Contains archived consolidated log entries previously saved to the Log Database (e.g. log entries 30 days and older).
  Auxiliary Log Database	Contains auxiliary or backup consolidated logs. Typically used to view old database backups for auditing purposes.
  History Database	Only available when using the File System. Contains monitor and report execution history (e.g. execution time, state, and results such as the number of entries downloaded).
  None	This setting has two purposes. First, to be used for Database Monitoring. Second, to be used to maintaining database connection settings for later use.

• Configure the database type specific settings.
• Click the Test button to check the settings.
• Click the Save button to save the settings.
  Note

  When saving a Log Database or Log Archive Database, if the database does not exist, the database and several tables are automatically created.
• Click Delete to permanently delete this object.
  Important

  Log Database and Archive Log Database objects cannot be deleted.

• From the Path text box, either manually enter the target path or click the Browse button to select the database path and filename. If you browse, the Select File dialog displays.
  Note

  Since the Management Console is a client that can be installed anywhere, the Select File dialog is a proprietary view that displays the file system from the service's point of view.
• From the Select File dialog, select the file to save log entries then click OK.
• Use the Connection timeout text box to specify the maximum time to wait for an available connection in the connection pool before timing out.
• Use the Execution timeout text box to specify the maximum time to wait for SQL statements to complete before timing out.
  

  Centralized SQLite Consolidated Log Database Properties

https://www.mysql.com/downloads/

• Use the Server text box to specify the hostname the MySQL database is installed.
  Note

  If the database is installed on the localhost, specify localhost.
• Use the Database text box to specify the database.
• Use the Username text box to specify the MySQL user name.
• Use the Password text box to specify the MySQL user's password.
• Use the Connection timeout text box to specify the maximum time to wait for an available connection in the connection pool before timing out.
• Use the Execution timeout text box to specify the maximum time to wait for SQL statements to complete before timing out.
• Check Hash Mode to add hashing to each saved log entry often used in Italy to fulfill government compliance requirements.
  

  Centralized MySQL Consolidated Log Database Properties

• Use the Server text box to specify the SQL Server hostname and instance.
• Use the Database text box to specify the database.
• Use the Authentication Method drop-down to select either:

  Option	Description
  Integrated Windows Authentication	Uses the service credentials to connect.
  SQL Server Authentication	Uses a SQL Server defined user to connect.

• When using SQL Server Authentication:
  • Use the Username text box to specify the SQL Server user name.
  • Use the Password text box to specify the SQL Server user's password.
• Use the Connection timeout text box to specify the maximum time to wait for an available connection in the connection pool before timing out.
• Use the Execution timeout text box to specify the maximum time to wait for SQL statements to complete before timing out.
• Use the Maximum connection pool size text box to specify the maximum number of connections to allow. The default value is 100.
• Check Encrypt connection to enable SQL Server packet encryption.
• Check Hash Mode to add hashing to each saved log entry often used in Italy to fulfill government compliance requirements.
• Use the Encoding drop-down to enable Unicode support.
  Important

  We have seen cases where after creating the database an access denied error is immediately thrown. If this occurs, click the Save button again. If the error persists, verify the authentication method is valid. Make sure to configure both your primary and archive log databases.
  

  Centralized SQL Server Consolidated Log Database Properties

• Agent-Based Event Log Management
• How to Centrally Consolidate Event Log Entries to SQL Server
• How To Download Azure AD Audit Logs and Monitor Sign-In Events
• How to Centrally Consolidate Syslog Entries

• To see what has been saved to the database, from the Explorer View, find the root Data Providers node then expand.
• Next, expand the Primary Log Database.
• Once expanded you will find two nodes, All and Hosts.
• Expanding All reveals each host that contains saved log entries without any grouping.
• Expanding Hosts reveals your root Hosts node structure.
• Expanding any host reveals all saved logs.
• To view a log, right click then select View.
  

  Centralized Consolidated Log Database Index

• To view a summary of the content in your primary log database, from the Explorer View, select the Dashboard node. The Dashboard View displays.
• From the Dashboard View, select the Log Database Summary Tab. The summary is executed and asynchronously return results one by one as they are received.
• Notice the scroll bar at the bottom. The summary may take several minutes to complete.
  

  Centralized Consolidated Log Database Summary
• To view more detail about a specific saved log, right click on the row then select Data Properties. The Data Properties View displays.
• Depending on the log type the Data Properties View will display summary data, for example, the number of Event Log Entries grouped by Level and Event ID.
  

  Centralized Consolidated Log Summary

That's all I have for today. I hope this article has helped you better understand how to configure the centralized log databases and how to view the available consolidated log summary information.