Transcript Configuration Loggingx

Configuration Logging
Project Excalibur
Miho Hoshino, WW Support Readiness
April, 2013
Configuration logging
• Log administrative changes to database
• Makes it easy to identify any modifications that may need to be rolled back
• Configuration logging has been available with XenApp (4.5 and higher) and
XenDesktop 4 SP1
• No configuration logging capability with XenDesktop 5.x
© 2013 Citrix | Confidential – Do Not Distribute
Configuration logging in Excalibur
• Capture site configuration changes and administrative activities to database
• Can be viewed in Studio using a variety of filters and generate HTML and CSV
reports
• Requires the Edit Logging Preferences and View Configuration Logs
permissions to control Configuration logging
• Enabled by default
© 2013 Citrix | Confidential – Do Not Distribute
What is logged
• Configuration changes and
administrative activities initiated from
Studio, Director, and PowerShell
scripts are logged
PowerShell
• Examples:
ᵒ Creating or editing a Host
ᵒ Adding a user to a Delivery Group
ᵒ Changing power management settings for a
Delivery Group
ᵒ Adding an administrator
ᵒ Power control of a virtual machine
ᵒ Shutdown/start/restart of a user desktop
ᵒ Studio or Director sending a message to a
user
© 2013 Citrix | Confidential – Do Not Distribute
logged
Desktop Studio
Director
What is not logged
• What is not logged:
ᵒ Autonomic operations such as pool
management power-on of virtual machines
ᵒ The very early stages of configuration are
not logged as Configuration Logging
becomes available when its service instance
registers with the Configuration Service
ᵒ Changes made through the registry, direct
access of the Database, or from sources
other than Studio, Director, or PowerShell
© 2013 Citrix | Confidential – Do Not Distribute
Not
logged
How to enable/disable Configuration Logging
1. From Citrix Studio, select Logging
in the left pane
2. In the Actions pane, click
Preference. Select the
Enable/Disable radio button
(Enable is selected by default)
© 2013 Citrix | Confidential – Do Not Distribute
Configuration Logging Database
• Uses the main site database by default
• Can use a different database for Configuration Logging (highly recommended)
• Supported database:
ᵒ SQL Server 2012 SP1 - Express, Standard, and Enterprise Editions
ᵒ SQL Server 2008 R2 SP2 – Express, Standard, Enterprise, and Datacenter Editions
Configuration
Logging
Database
Monitoring
Database
Includes by default
© 2013 Citrix | Confidential – Do Not Distribute
Site Configuration
Database
Using the main site database by default
Configuration Logging database
ConfigLoggingSchema
© 2013 Citrix | Confidential – Do Not Distribute
How to change the database location (1/2)
From Studio,
select
Logging in
the left pane
© 2013 Citrix | Confidential – Do Not Distribute
In the
Actions
pane, click
Preferences
Click Change
logging
database
How to change the database location (2/2)
Specify the
location of the
server containing
the new database
server and the
database name
© 2013 Citrix | Confidential – Do Not Distribute
If you want Studio
to create the
database, click OK
or Test connection.
When prompted,
click OK
Studio will create
the database
automatically
How to enable/disable mandatory logging
1. From Citrix Studio, select Logging
in the left pane
2. In the Actions pane, click
Preference.
o
o
Clear the Allow changes when the
database is disconnected
checkbox to enable mandatory
logging.
Select the Allow changes when the
database is disconnected
checkbox to disable mandatory
logging
(This is selected by default)
© 2013 Citrix | Confidential – Do Not Distribute
Mandatory logging enabled:
No configuration change or administrative activity that
would normally be logged will be allowed unless it can be
written in the database used for Configuration Logging
Select Logging to display
configuration log content
Newest
Displaying configuration log content (1/2)
The log content is displayed
chronologically (newest
entries first) by default
Select an interval from the
drop down list box:
• Last six months
• Last three months
• Last 28 days
• Last 7 days
• Today
Enter text in the Search box
to filter logs
© 2013 Citrix | Confidential – Do Not Distribute
Displaying configuration log content (2/2)
High level operations:
A high level operation
results in one or more
service and SDK calls,
which are low level
operations
Low level operations are
displayed when you select a
high level operation in the
upper portion of the center
pane
© 2013 Citrix | Confidential – Do Not Distribute
Generating configuration log reports (1/2)
Click Create custom
report in the Actions pane
Select the date range for
the report
Select the report format and
browse to the location
where the report should be
saved
© 2013 Citrix | Confidential – Do Not Distribute
Generating configuration log reports (2/2)
© 2013 Citrix | Confidential – Do Not Distribute
Deleting configuration log content
Click Delete logs in the
Actions pane
Choose to create a backup
or not
Review your selection and
click Finish
© 2013 Citrix | Confidential – Do Not Distribute
Requirements to delete configuration logs (1/3)
Delegated
Administration
permission
Can delete
configuration
logs
SQL Server
database
permission
© 2013 Citrix | Confidential – Do Not Distribute
Requirements to delete configuration logs (2/3)
For delegated Administration permission
• Delegated Administration
Built-in
Full Administrator
Custom
A custom role that has Read Only or
Manage selected in the Logging
permissions category
© 2013 Citrix | Confidential – Do Not Distribute
Requirements to delete configuration logs (3/3)
For SQL Server database permission
• SQL Server database login with at least one of the following roles:
Server role
Database role for the Configuration
Logging database
sysadmin
(public)
serveradmin
(public)
setupadmin
(public)
(public)
ConfigurationLoggingSchema_ROLE
(public)
db_owner
© 2013 Citrix | Confidential – Do Not Distribute
How-to: Creating a SQL Server login (1/2)
Setting server role(s)
Right-click the
Security folder,
point to New
and then click
Login
© 2013 Citrix | Confidential – Do Not Distribute
Enter a name
(and password)
for the login on
the General
page
Select the
Server Roles
page and set
server roles
How-to: Creating a SQL Server login (2/2)
Specifying the database that the login is allowed to access
Place a check mark
next to the database
that you wish to
have the login to get
access
© 2013 Citrix | Confidential – Do Not Distribute
Can set database
roles here
Configuration logging internals
• Uses PowerShell SDK
ᵒ Installed with Studio
ᵒ Configuration logging is configured via SDK
• Uses the Citrix Configuration Logging Service
ᵒ Installed with the Delivery Controller
© 2013 Citrix | Confidential – Do Not Distribute
Configuration Logging architecture
Each service can generate
configuration log entries
and log entries are
conveyed via inter-service
WCF call to the logging
service
© 2013 Citrix | Confidential – Do Not Distribute
PowerShell cmdlets (1/2)
For configuration logging
• Set-LogSite
ᵒ Allows settings to be set
ᵒ Example:
Set-LogSite -State Enabled -Locale Chinese –AdminAddress “<controller
address>”
• Get-LogHighLevelOperation
ᵒ Retrieves existing High Level Operations based on filter criteria
• Get-LogLowLevelOperation
ᵒ Retrieves existing Low Level Operations based on filter criteria
© 2013 Citrix | Confidential – Do Not Distribute
PowerShell cmdlets (2/2)
For configuration logging
• Start-LogHighLevelOperation
ᵒ Logs the start of a new High Level Operation in the Logging Database
• Stop-LogHighLevelOperation
ᵒ Logs the completion of a new High Level Operation in the Logging Database
• Delete-LogOperation
ᵒ Deletes records from the database within a specified time range
• Export-LogCsvReport
ᵒ Generates a CSV report of the data in the database
• Export-LogHtmlReport
ᵒ Generates an HTML report of the data in the database
© 2013 Citrix | Confidential – Do Not Distribute
PowerShell cmdlets for Configuration logging
Example
$loggingId = Start-LogHighLevelOperation “Create Machine Catalog”
New-BrokerCatalog –Name “Catalog1” … -LoggingId $loggingId
New-ProvScheme –Name “Catalog1” … -LoggingId $loggingId
Etc…
Stop-LogHighLevelOperation –Id $loggingId
Desktop Studio uses configuration
logging high level entries to tie each
configuration logging entries.
© 2013 Citrix | Confidential – Do Not Distribute
The logging id (which is a GUID)
relates the operations together
Tracing Configuration Logging
•
•
•
•
•
•
© 2013 Citrix | Confidential – Do Not Distribute
ConfigurationLogging
ConfigurationLoggingDAL
ConfigurationLoggingFiltering
ConfigurationLoggingLog
ConfigurationLoggingLogging
ConfigurationLoggingSnapin
References
• eDocs (sandbox)
ᵒ http://edocssand.citrix.com/proddocs/topic/xendesktop-7/cds-configlog-wrapper.html
© 2013 Citrix | Confidential – Do Not Distribute
Work better. Live better.