Enterprise SIEM, Centralized Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software
Table of Contents

Data Providers

Data Providers have two purposes:

  • To save log entries, PowerShell Monitor results, SNMP Traps, and execution history for a period of time such as 1 year.
  • To configure database connections for use with Database Monitoring Templates.

How it works:

When storing log entries for long periods of time, such as one year, log entry tables will become quite large. Running daily reports, such as Account Management Reports, require table scans to isolate the target log entries. If we were to store each log in a single table for the entire year, daily reports would be unnecessarily table scanning irrelevant data burning CPU, memory, power and time. For this reason, Corner Bowl saves log entries to two tables is separate databases. This design has two advantages. First, daily reports only need to execute table scans against recent data, and second, archive databases can be implemented on alternate hardware, with different specifications, while simultaneously isolating CPU intense archive reporting from production systems. Corner Bowl Server Manager implements these two databases in the Explorer View under Data Providers. By default, the databases are called the Primary Log Database and the Archive Log Database respectively.

By default the Log Database and Archive Log Database are pre-configured to use an embedded database, SQLite, rather than a network database such as SQL Server or MySQL.

Alert SQLite is ideally suited for small implementations and Air-Gapped networks while we suggest large corporate networks use either SQL Server or MySQL.

To configure the Log Database:

  • From the Explorer view, expand Data Providers. By default, The following two nodes are listed, Log Database and Archive Log Database.
  • Right click on the database you would like to configure, then select Properties. The Data Providers Properties view displays.
  • From the Data Providers Properties view, use the Name text box to specify a unique name.
    Information Click the Auto Generate button to automatically generate a name. If you click this button after you have set the data provider settings, the generated name reflects the settings you have selected (e.g. Primary Log Database (SQL Server)).
  • Use the Type drop-down to select the database type. The following Types are available:
    SQLiteA self-contained open-source SQL database engine.
    Microsoft SQL ServerMicrosoft SQL Server v2022-2012.
    MySQLOracle MySQL v8.x-5.7
    File SystemA proprietary Corner Bowl Software developed binary flat file system.
  • Use the Role drop-down to select how you would like to use the database. The following Roles are available:
    Log DatabaseContains the latest consolidated log entries. (e.g. log entries less than 15 days old).
    Archive Log DatabaseContains archived consolidated log entries previously saved to the Log Database (e.g. log entries 15 days and older).
    Auxiliary Log DatabaseContains auxiliary or backup consolidated logs. Typically used to view old database backups for auditing purposes.
    History DatabaseOnly available when using the File System. Contains monitor and report execution history (e.g. execution time, state, and results such as the number of entries downloaded).
    NoneThis setting has two purposes. First, to be used for Database Monitoring. Second, to be used to maintaining database connection settings for later use.
  • Use the rest of the controls to set the Type specific settings. For more information see:
  • Click the Save button to save the settings.
    Information When saving a Log Database or Log Archive Database, if the database does not exist, the database and several tables are automatically created.

To configure a database connection to be used by a Database Monitoring Template:

  • From the Menu Bar, select File | New. The Create New Object View displays.
  • From the Create New Object view, select Data Provider. The New Data Provider view displays.
  • From the New Data Provider view, use the Type drop-down to select the database type.
  • From the Role drop-down, select None.
  • Use the rest of the controls to set the Type specific settings.
  • Click Save to save your changes.

To view the Data Provider Index:

  • To see what has been saved to the database, from the Explorer View, find the root Data Providers node then expand.
  • Next, expand the Primary Log Database.
  • Once expanded you will find two nodes, All and Hosts.
  • Expanding All reveals each host that contains saved log entries without any grouping.
  • Expanding Hosts reveals your root Hosts node structure.
  • Expanding any host reveals all saved logs.
  • To view a log, right click then select View.
    Data Provider Index

To view Consolidated Log Database Summary:

  • To view a summary of the content in your primary log database, from the Explorer View, select the Dashboard node. The Dashboard View displays.
  • From the Dashboard View, select the Log Database Summary Tab. The summary is executed and asynchronously return results one by one as they are received.
  • Notice the scroll bar at the bottom. The summary may take several minutes to complete.
    Consolidated Log Database Summary
  • To view more detail about a specific saved log, right click on the row then select Data Properties. The Data Properties View displays.
  • Depending on the log type the Data Properties View will display summary data, for example, the number of Event Log Entries grouped by Level and Event ID.
    Consolidated Log Summary

Related Topics

Data Provider Properties

Corner Bowl File System Properties

SQLite Properties

SQL Server Properties

MySQL Properties

Database Monitoring Templates