This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SecurID® Access Discussions

Browse the SecurID Access discussion board to get product help and collaborate with other users of SecurID Access.
KennethHeinbock
Beginner
Beginner
‎2019-08-23 03:43 PM

how does log data replication work in AM 8.3 ?

how does log data replication work in AM 8.3 between the primary server and the replica servers?

Labels (1)
0 Likes
Reply
5 Replies
JayGuillette
Contributor Contributor
Contributor
‎2019-08-23 04:22 PM

Hey Ken,

As replicas authenticate users (run time data) and encounter errors (system data) the replicas send this data as change files to the Primary.  The Primary incorporates that data into the internal database, at which point you can run an Authentication activity or System Log activity report on the primary and see this data reflected in the report.  This data would be in the internal database that is replicated from primary to replicas.   Usually Admin activity is done on the primary, except that a Replica can handle new PIN mode so that type of admin activity on a replica would follow the same path at the runtime and system data to the primary where it would be incorporated into the database and then available to be reported on at the primary and replicated out as part of the internal database to the replicas.

 

Based on archive settings for the three types of data; runtime, system log and administrative activity, at some point today's log data will be purged from the internal database at which time it will no longer be reflected in reports, and written to archive files (typically digitally signed).  These archive logs are only written to the primary or written to a remote Windows or NFS file share, they are not written to replicas, but the changes to the internal database are replicated, so older data is removed consistently across all AM servers.

 

One other point, I've been talking about change files as the means to replicate data, but if you see the [SYNC] button on the replica status page in the Operations Console, when you [SYNC] a replica you send the entire primary internal database at that point in time to that replica.  This process can be tricky when the WAN links are not really good, because the way it was engineered was not to use a reliable transport mechanism built into the TCP protocol to only retransmit dropped packets, if a packet is dropped the entire database transfer will start over, sometimes it never finishes!  So Engineering added the manual SYNC update somewhere back in an AM 8.2 SP1 patch, so you can use SFTP.

https://community.rsa.com/docs/DOC-85472 

0 Likes
Reply
KennethHeinbock
Beginner
Beginner
In response to JayGuillette
‎2019-08-23 04:58 PM

Jay

Thanks for the answer. Two follow up questions.

First, after the replica sends the log data to the primary is it cleared from the replica database ?

Second, is the primary consolidated log data replicated to all replicas in the AM deployment ?

Ken

 

Kenneth Heinbockel

Kenneth.Heinbockel@wellsfargo.com<mailto:Kenneth.Heinbockel@wellsfargo.com>

Phone: 215-694-7538

0 Likes
Reply
JayGuillette
Contributor Contributor
Contributor
In response to KennethHeinbock
‎2019-08-23 05:53 PM

Ken,

First: as far as I know the replica log data is not stored in the replica's copy of the internal database

Second: If by consolidated you mean into the internal database, then yes, since log data is consolidated into the Postgres internal database, then those changes are replicated back out to the replicas.

0 Likes
Reply
KennethHeinbock
Beginner
Beginner
In response to JayGuillette
‎2019-08-26 09:25 AM

Jay

This is confusing. First you state that replica log data is not stored in the replica’s copy of the internal database but then in the second answer you state that the consolidated log data is replicated back out to the replica.

What I am trying to do is determine if our reporting team can use the replica servers for running SQL queries for log data information.

Thanks

Ken

 

Kenneth Heinbockel

Kenneth.Heinbockel@wellsfargo.com<mailto:Kenneth.Heinbockel@wellsfargo.com>

Phone: 215-694-7538

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to KennethHeinbock
‎2019-08-26 09:33 AM

Hello,

 

no, do not use replicas for log data or sql queries. 

 

a) replicas will immediately log to themselves, any current system, admin, or authentication activity

 

b) if replication is up, the replica will attempt to offload all logs to the primary, so replica will soon have no logs

 

c) busy replicas should have one or maybe a dozen events in it's own log system but that will disappear when replication catches up, which is essentially immediately

 

d) if replication is not working, or primary down, only then do replicas start to accumulate logs, but it still is not in a 'reportable' format., it is stored until replication is resumed, or until that replica is promoted to primary

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.