Considerations for reporting and auditing

When creating reports you should consider how your data is stored, made available for reports, and archived. The reports you can run use the audit data and the data store.

An issue arises when you have more than one instance of OneSpan Authentication Server in your system. Audit messages can be stored in a database or in local text files. The database storage option can be local or centralized. Text files are always stored locally.

When a report is run, the data has to be in a database. The report can only read one database at a time, so if (a) there is more than one OneSpan Authentication Server instance writing audit data to individual databases or (b) the audit data is being written to one or more text files, the following options are available to enable reports to run on all audit data:

Online centralized database

If you have a centralized audit database, all instances of OneSpan Authentication Server will write to this database all the time. All reports can be run against this database all the time. If the centralized database is used, it must be configured to be fast and big enough to cope with the load of audit data.

If you choose to install the embedded MariaDB database with OneSpan Authentication Server, your default audit method will be ODBC database. In addition, OneSpan Authentication Server will automatically configure the DSN according to the settings used during installation.

You can also edit the settings for DSN, user name, and password in the ODBC Audit Settings tab in the Reporting and Audit scenarios and the Auditing section of the OneSpan Authentication Server Configuration Utility.

Offline centralized database

Write the audit data locally, but periodically load the local data to a centralized audit database. Each OneSpan Authentication Server instance must be configured to read the audit data from the centralized database. Reports will only contain data up to the last update of the centralized audit database.

Offline centralized database with reporting server

Write the audit data locally, but periodically load the local data to a centralized audit database. Each OneSpan Authentication Server instance must be configured to read the audit data from the local audit data source. A reporting server can be installed that is configured to read its data from the centralized audit database.

Reports that need to use the latest data can be run on the server that retrieves its data locally. An example would be a user activity report for troubleshooting purposes.

Reports that need to use global data can be run on the reporting server. Reports will only contain data up to the last update of the centralized audit database.

No centralized audit data

Configure each OneSpan Authentication Server instance to retrieve audit report data locally.

You have an option to upload audit data in the Maintenance Wizard. This will allow you to configure OneSpan Authentication Server to upload local audit data to a centralized audit database.

Archiving strategy

If you are running reports that will require data spread out over a long period of time, the reports will take a long time to complete as the data volume gets bigger. The best way to deal with this growth is to archive the data. It is best to develop a good archiving strategy when your system is being implemented. Consider the kind of data you will want to report on, and the length of time you would like data to be available before being archived. Remember, archived data cannot be included in reports.

Indexing

Reports that use large amounts of data can take a long time to process. To make these reports run faster, you can add indexing to the searchable fields in the database.

If you intend to work with the User Dashboard and view recent user and authenticator activity, we recommend that you set the indexing level for the vdsAuditMsg table to 1, to prevent authentication and report performance loss. For more information about the various levels of indexing, refer to the OneSpan Authentication Server Administrator Reference.

Decreasing the maximum report size

You can also decrease the size of generated reports via the Report-Size-Limit parameter. This helps to prevent the reporting process from consuming too much memory.

The Report-Size-Limit parameter is configured directly in the OneSpan Authentication Server configuration file (identikeyconfig.xml). By default, this file is located in the following folder:

/etc/vasco/ias (Linux)

%PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin (Windows)

This parameter is listed under Report-Location in the Reporting Scenario configuration, i.e. nested under ScenarioModule4. Report-Size-Limit specifies a data point limit. In this case, the data point limit is the maximum number of distinct data fields (i.e. each user ID, domain, or organizational unit entry) shown in a report. The data point limit effectively limits the size of the report.

The default Report-Size-Limit value is 100,000. While this is adequate for most installations, you can decrease this value if running a reporting task slows down OneSpan Authentication Server significantly. Note that modifying the Report-Size-Limit value requires that you restart OneSpan Authentication Server.

OneSpan Authentication Server uses a third-party library – Haru – to generate PDF reports. Haru has an internal PDF size limit. Increasing the Report-Size-Limit value also increases the chances of reaching Haru's PDF size limit. When this occurs, the reporting task will fail.

As such, if you need to increase the Report-Size-Limit value, use the XML or HTML report templates instead.
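The following added example (not part of the OneSpan documentation or product) reads Report-Size-Limit from the identikeyconfig.xml content of several server instances and compares it with the documented default of 100,000. The instance names, the sample XML layout and the data attribute are constructed assumptions; only the names Report-Size-Limit, Report-Location and ScenarioModule4 come from this page.

```python
import xml.etree.ElementTree as ET

DEFAULT_LIMIT = 100_000  # default Report-Size-Limit stated in the documentation

# Constructed sample configs; the element layout and the "data" attribute are
# assumptions for illustration, not the product's documented schema.
_WRAP = ("<Config><ScenarioModule4><Report-Location>{}"
         "</Report-Location></ScenarioModule4></Config>")
SAMPLE_CONFIGS = {
    "as-node-1": _WRAP.format('<Report-Size-Limit data="250000"/>'),
    "as-node-2": _WRAP.format("<Report-Size-Limit>50000</Report-Size-Limit>"),
    "as-node-3": _WRAP.format(""),  # parameter absent
}


def read_report_size_limit(xml_text):
    """Return the Report-Size-Limit nested under ScenarioModule4, or None."""
    root = ET.fromstring(xml_text)
    module = next(root.iter("ScenarioModule4"), None)
    if module is None:
        return None
    node = next(module.iter("Report-Size-Limit"), None)
    if node is None:
        return None
    # Accept the value as an attribute or as element text (both assumed forms).
    raw = (node.get("data") or node.text or "").strip()
    if not raw.isdigit():
        raise ValueError(f"Report-Size-Limit is not a whole number: {raw!r}")
    return int(raw)


def assess(limit):
    """Classify a limit against the documented default."""
    if limit is None:
        return "not set"
    if limit > DEFAULT_LIMIT:
        return "raised: PDF reports may hit Haru's size limit, use XML or HTML"
    if limit < DEFAULT_LIMIT:
        return "lowered: reports are capped earlier to limit memory use"
    return "default"


def audit(configs):
    """Map each instance name to (limit, assessment)."""
    results = {}
    for name, xml_text in configs.items():
        limit = read_report_size_limit(xml_text)
        results[name] = (limit, assess(limit))
    return results
```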

Generate reports in environments with multiple OneSpan Authentication Server instances

In environments with multiple OneSpan Authentication Server instances, generating reports and other administrative tasks can be handled in different ways, depending on the database and replication setup of your system.

For more information about how administrative tasks are performed in multi-server environments, see Administration with multiple OneSpan Authentication Server instances.

Multiple reports and load balancing

To optimize CPU and memory usage, multiple report tasks are processed in serial order, with each OneSpan Authentication Server instance allowed to run one report task at a time. By default, multiple report tasks are distributed across all server instances and are thus automatically load balanced. In replicated environments, tasks with the task mode set to ANY are treated as if they were set to run in SPECIFIC mode on replication instances. New tasks that are created in a replicated environment are set to SPECIFIC by default.

If you want to run reports solely on a dedicated reporting server, you need to disable the Reporting Scenario in the OneSpan Authentication Server Configuration Utility for all other OneSpan Authentication Server instances. In this case, the reporting server will be the only instance for report handling, and it will process and run one report task at a time.

In environments with a dedicated reporting server, if you connect to a OneSpan Authentication Server instance that has the Reporting Scenario disabled, the REPORTS menu will not be available in the Administration Web Interface.

You can create and run report tasks only when connected to the reporting server instance.