Database Server log ALog ConVerter DB

01.Overview

ALog ConVerter DB is software that collects operation logs for corporate databases (SQL Server, Oracle) without the need for an agent, analyzing and converting logs into an easily readable form ready for long-term storage.

02.Features

Point 1

Easily Readable Analysis of Complex Database Logs

ALog ConVerter extracts data access records from complex system data, using unique, world-class log analysis and conversion technology to compile logs into easily readable access logs.

Turn unreadable trace logs into operation logs easily understood by anyone

For example, any changes to a payroll database will show exactly what was changed and how.

Any bulk copies of a customer database (other than legitimate access) will be indicated as irregular (unauthorized) access in the log.

Point 2

Obtain Often-Overlooked Information Regarding Local Accesses

When using the log management method in which network packets are acquired, local access information cannot be seen, since only the communication path is monitored.
If local direct access is not recorded, any countermeasures may not work.
Since ALog ConVerter DB uses server trace logs as a resource, information on local operations can be acquired.

Point 3

Various Log Types

Access Logs

Records the history of user access to the database. Records operations such as reading, updating, and logging on to the table.

Time User Server Target Operation Details
2015/7/23 20:03:32 Domain¥Kawasaki DC001¥ins01 Data in the table "t_user" was referenced. DB_SELECT AppName:Microsoft SQL Server Management Studio - Query
ClientName:pc01
Count:1 DB:Northwind
2015/7/23 20:05:05 Domain¥Kawasaki DC001¥ins01 Data in the table "t_user" has been updated. DB_UPDATE AppName:Microsoft SQL Server Management Studio - Query
ClientName:pc01
Count:1 DB:Northwind
Access Log Type
Operation Details Operation Details
DB_LOGON Logged on to the database DB_INSERT Added table data
DB_LOGOFF Logged off from the database DB_DELETE Deleted table data
DB_SELECT Referred to table data DB_UPDATE Updated table data

* Operation failure logs also obtainable.

Database Logon / Logoff Log

Records when user logs on/off database.

Time User Server Target Operation Details
2015/7/23 20:01:00 Domain¥Kawasaki DC001¥ins01 pc1 DB_LOGON AppName:Microsoft SQL Server Management Studio
ClientName:pc01 Count:1 DB:master
2015/7/23 20:05:05 Domain¥Kawasaki DC001¥ins01 pc1 DB_LOGOFF AppName:Microsoft SQL Server Management Studio
ClientName:pc01 Count:1 DB:master

Administrator Operation Log

Records operations performed by the DB operation administrator, such as adding / deleting users and changing tables.

Time User Server Target Operation Details
2015/8/15 21:00:00 Domain¥Superman DC011¥DB53 Table "t_user" has been created. DB_ADMIN AppName:OSQL-32
ClientName:pc01
Count:1 DB:master
Administrator Operation Log Types
Operation Details
DB_ADMIN Table Addition / Change / Deletion
Index Addition / Change / Deletion
Database Addition / Change / Deletion
Execution logs for user addition, change, deletion, etc.

* Also acquires operation logs of SYSDBA users (privileged superusers) for Oracle.

03.Operating Environment / Price

  • Manager Server
  • for SQL Server
  • for Oracle

Manager Server

System Requirements

Location On-premises environment
  • * Supports physical / virtualized environment (VMWare, Hyper-V, Citrix XenServer)
Cloud environment (AWS, Azure, etc.)
Supported OS Windows Server 2016 / 2019 / 2022
  • * Not compatible with 32-bit OS
  • * Supports service pack of each OS (SP)
  • * Supports each edition (Standard / Enterprise / Datacenter)
  • * Supports virtual environments (VMWare, Hyper-V, Citrix XenServer) and supports cloud environments
  • * This is the operating environment for the latest version of ALog.
CPU Recommended 2.7GHz and 8 cores or more (minimum 2.0GHz and 4 cores)
Memory Recommended 32GB or more (minimum 8GB)
HDD 500GB or more free space
  • * SSD recommended
  • * More available space may be required depending on number of Target Servers and storage period of access logs.
Required Software .NET Framework 4.8 or later version
Any of the following Web browsers:
  Firefox 68 or later
  Google Chrome 76 or later
  Microsoft Edge
Microsoft SQL Server
  • * If the target server is a SQL Server and “SQL Trace” is selected in the audit settings, the version must be greater than or equal to the server for which logs are collected.

* A manager server license is not required.

SQL Server

System Requirements

Supported OS Windows Server 2016 / 2019 / 2022
  • * Supports service pack of each OS (SP)
  • * Supports each edition (Standard / Enterprise / Datacenter)
  • * Supports virtualized environment (VMWare, Hyper-V, Citrix XenServer)
Compatible SQL Server Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022
  • * Supports each edition (Standard / Enterprise / Business Intelligence)
  • * Supports also 32-bit, 64-bit versions
Required Software .NET Framework 4.5 SP1 or later (agent type only)

* This is the operating environment for the latest version of ALog.

Operating Environment
  • Remote connection to SQL Server from Manager Server to Target Server must be allowed.
  • When the log collection method is agent type, files must be able to be written from the Target Server to a shared folder on the Manager Server.
  • Shared administrator access to the Target Server.

Oracle

System Requirements

Supported OS Windows Server 2016 / 2019 / 2022
Red Hat Enterprise Linux 5 / 6 / 7 / 8
Oracle Linux 6.8 (also compatible with UEK)
Supported Oracle Database Oracle Database 12.2.x / 18.3 / 19.3 / 21.1
  • * Express Edition / Personal Edition are not supported.
Required Software .NET Framework 4.5 SP or later (only with Windows Server OS and agent type method)
Oracle Client

* Please contact us for combinations other than ones shown above.

* This is the operating environment for the latest version of ALog.

Operating Environment
  • Capable of using AUDIT_TRAIL for database audit (audit settings may be changed if already configured).
  • When the log collection method is agent type, files must be able to be written from the Target Server to a shared folder on the Manager Server.
  • Shared administrator access to the Target Server when using Windows OS.
  • In the case of LinuxOS, FTP/SFTP servers can be used.
  • If the log collection method is the agent method, the target server must be using a 64-bit OS.
Log output format for each version
Version Log output
Oracle 11.1.x、11.2.x OS / XML / DB
Oracle 12.1.x、12.2.x OS / XML / DB
Oracle 18.3 OS / XML / DB
Oracle 19.3 OS / XML / DB

04.FAQ

ALog ConVerter DB specifications and structure

View all

  • What kind of logs can I acquire with ALog ConVerter DB?

    The following types of logs can be acquired from the ALog ConVerter DB.

    - Access Logs: Reference table, delete, add, and update logs
    - Logon / Logoff Logs: Logs of logons to and logoffs out of the database
    - Database Administrator Operation Logs: Logs of users added to the database, tables created, etc.
    - RAW SQL Logs: Logs of SQL commands executed in the database

  • What is a trace log?

    A trace log is an audit log detailing the database application output of servers such as Microsoft SQL Server and Oracle Database.
    ALog ConVerter DB analyzes and transforms this trace log and formats the user's database operations into a human-readable log.

  • Why do I need to convert the trace log?

    It is very difficult to understand the original trace logs output by database applications showing user operations.
    By converting those trace logs with ALog ConVerter DB, information that was originally unreadable becomes readable, for example, "Mr. A deleted XX table" and "Mr. B added a new user".

  • Is it possible to get the database logs using a web application?

    Yes.

    However, the displayed client name and username will be those of the user accessing the database from a web application and its server.

  • Is it possible to obtain the PC name of the client and the IP address of the user accessing the database using a web application?

    This is only possible if the web application or its server has this information. Namely, the PC name of the client and the IP address of the user accessing the database via web application.
    By acquiring the web application log using ALog serious product ALogEVA, that log can be linked with the database access log.

  • Is it possible to retrieve logs for only specific applications?

    Yes.

    By changing the filter settings on the management screen of ALog ConVerter, it is possible to get only logs of specific applications, and exclude certain applications' logs as well.

About the installation and operation of ALog ConVerter DB

View all

  • Will database performance suffer from installing ALog ConVerter DB?

    For SQL Servers, there will be almost no performance drop.
    In the case of Oracle, there is almost no performance drop unless you get RAWSQL (SQL statement).

  • Are special settings needed to output the trace log?

    ALog ConVerter DB automatically sets the output of the trace log for the database to be collected, so on the consumer side, there is no need to change the settings in order to output the trace log.
    However, when the database is restarted (including an OS restart), the trace log output is reset using the stored procedure's automatic start function.If it is not set to start automatically, settings will need to be changed.
    It should be noted that to use ALog ConVerter for Oracle, certain preparations are necessary, such as registering an account that has access rights to the Oracle for which logs are collected.

Licenses

View all

  • What licenses are required?

    Purchase as many licenses as there are databases for which logs are collected.
    In a multi-tenant configuration, as many licenses will be required as there are container databases (CDB) and pluggable databases (PDB) for which logs are collected.

  • If the server for which logs are collected is a logical server, does the required number of licenses change?

    The number of required licenses does not change.One license is required for each server, regardless of whether it is a physical server or a logical server.

  • If there are multiple instances on a server, does the number of required licenses change?

    Purchase as many licenses as there are databases for which logs are collected.
    In a multi-tenant configuration, as many licenses will be required as there are container databases (CDB) and pluggable databases (PDB) for which logs are collected.

    Example 1) Collecting logs from all instances when there are multiple instances

    Collecting logs from all instances when there are multiple instances

    例Example 2) Collecting logs from PDB1 and PDB2 in an Oracle multi-tenant configuration

    Collecting logs from PDB1 and PDB2 in an Oracle multi-tenant configuration

  • Does the number of required licenses change in the case of a cluster configuration?

    As a general rule, only in the case of an Oracle RAC configuration, the number of required licenses is the number of instances multiplied by the number of databases.Please contact us for details.
    Please contact us in the case of redundant configurations other than Oracle RAC and MSFC (with an SQL Server database).

  • Is it necessary to purchase database software or anything else in addition to ALog ConVerter?

    To use for Oracle, it is necessary to install the Oracle client and register an account that has access rights to the Oracle for which logs are collected.

    In the case of a SQL Server, since the SQL Server function is used to convert the trace log, a version of the SQL Server equal to or higher than the SQL Server for which the log is to be collected is required.
    (Example: If you want to collect SQL Server 2008 logs, you should have SQL Server 2008 or higher installed on the manager server)

  • Is a maintenance contract required?

    A maintenance contract is required for the first year.ALog ConVerter updates the analysis and conversion engine used for access logs from time to time according to version upgrades of supported products (server OS, database, client OS).
    If your maintenance contract expires, you will not be able to update the conversion engine and may not be able to correctly convert logs. As such, we recommend that you keep your maintenance contract active during your period of use.

  • Is a manager server license required?

    No.

  • Is there a volume discount when purchasing additional licenses?

    No.When making multiple purchases, you will be charged at the same rate as for individual purchases. There will be no difference.
    (We recommend that when purchasing you consider the total number of servers at the time of your initial purchase)

Catalog Download

  • ALog Series
    Product Overview
    Document

    Introducing ALog Converter / ALog Converter DB / ALog EVA

    Download

  • Resource Athlete
    Product Overview
    Document

    Introducing Resource Athlete

    Download

  • The definitive guide
    to log management

    It is a collection of log management know-how that can be used by both beginners and experts.

    Download

  • Visualization of
    threats by SIEM

    From the basics of [why not notice cyber attacks] to [creating a concrete mechanism for automatic detection]. Introducing efficient cyber security measures from the perspective of log management.

    Download

  • Microsoft 365
    Log Management
    Practice Guide

    Introducing a method to automatically manage "security measures for cloud services" using Microsoft 365 as an example.

    Download

  • Your PC is exposed to
    attackers from the Web

    A telework environment that is a hotbed for cyber attacks. Where is the threat lurking? Introducing the points of countermeasures while unraveling the attack method.

    Download

  • Internal Fraud
    Countermeasures

    Information leakage incidents with a loss of over 400 million yen can occur on a daily basis! Based on damage cases mainly due to internal fraud, we analyze information leakage routes and introduce efficient monitoring points.

    Download
Back to top