This topic is discussed in the "Grouper Maintenance" training video.
This page presents suggestions for ongoing Grouper administration tasks, including:
Pruning logs and registry
Monitoring Grouper Functions
Setting up Notifications
Pruning Logs and Registry
change log
daemon logs
user audit logs
point in time logs
registry
Pruning the Change Log
When updates are made in Grouper (group add, membership add, etc), updates are also made to the temp change log (grouper_change_log_entry_temp) as part of the same transaction. The Grouper Daemon later (by default every minute), moves these changes to grouper_change_log_entry with sequence numbers and also adds flattened notifications and permission notifications.
By default, change log entries are retained for 14 days in grouper_change_log_entry. This is configurable in grouper-loader.properties. Note that this option doesn't exist before Grouper 2.0.
# number of days to retain db rows in grouper_change_log_entry. -1 is forever. default is 14 loader.retain.db.change_log_entry.days=14
Pruning the Daemon logs
When the Grouper Daemon runs jobs, logs are kept in the grouper_loader_log table with information about the job, such as when it started, ended, and status. Note that these logs don't just get created for the jobs that load data into Grouper, but also for the other jobs that are run by the Grouper Daemon, such as the job to populate grouper_change_log_entry which runs every minute.
By default, these logs are retained for 7 days. This is also configurable in grouper-loader.properties.
# number of days to retain db logs in table grouperloader_log. -1 is forever. default is 7 loader.retain.db.logs.days=7
Pruning the User Audit Logs
User Audit logs are created when updates are made in Grouper. These logs are stored in the grouper_audit_entry table. For Grouper 2.0, I think the only option for pruning these logs are by deleting them directly from the database.
Here's an example to delete rows based on time. Note that created_on is milliseconds from epoch.
delete from grouper_audit_entry where created_on < '1318599550575'
Pruning the Point in Time Logs
Grouper has several tables that have names starting with "grouper_pit_" that are used to store point in time data. These tables are populated by the Grouper Daemon. If an object has been deleted from Grouper, the object remains in the point in time tables with an end date. Using GSH, you can delete objects in the point in time tables that have end dates. See Point in Time Auditing.
Pruning the Registry
You may need to delete old groups, e.g. if you don't need to keep course groups with unlimited history. At Penn we only need courses for the current semester, next semester, and previous semester. This might be as easy as an obliterate GSH command (note you can generate a report first), or a SQL query that generates a GSH script. See the GSH documentation for details
Monitoring Grouper Functions
Here are tips for monitoring Grouper functions:
- Set up Nagios to check the Grouper Diagnostics web service status page to be sure the daemons are running and the DB is up etc
- Set up your logs email you so you can see when people have errors (log4j.properties):
log4j.appender.grouper_mail=org.apache.log4j.net.SMTPAppender log4j.appender.grouper_mail.To=address@school.edu log4j.appender.grouper_mail.From=noreply@school.edu log4j.appender.grouper_mail.SMTPHost=smtp.server.edu log4j.appender.grouper_mail.Threshold=ERROR log4j.appender.grouper_mail.BufferSize=100 log4j.appender.grouper_mail.Subject=Grouper <at:var at:name="envName" /> Error log4j.appender.grouper_mail.layout= org.apache.log4j.PatternLayout log4j.appender.grouper_mail.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %m%n # Loggers ## Default logger; will log *everything* log4j.rootLogger = WARN, grouper_error log4j.logger.edu = ERROR, grouper_mail log4j.logger.com = ERROR, grouper_mail log4j.logger.org = ERROR, grouper_mail
- Periodically check a service that uses XMPP to make sure the messaging is still working
- Check the daily Grouper report to get a summary of the total state of your Grouper installation
Setting Up Notifications
- For XMPP Notification, see XMPP documentation
- For email notification of items such as membership changes, disable date changes, or permission changes, use rules and follow the examples for use cases on email notification.