Small company logo:
   History
 
Advertising banner:
 
 C501
Home • Help • A0 • Administration • C501
 
Audit



About audit
The system audit performs the following important functions in your FirstClass server:
•       performing repairs to your network store
•       performing automatic updates
•       deleting expired user accounts
•       removing deleted and expired items.
4272004_110434_1.pngCaution
Audit performs repairs to your system, never disable this function.
The server can deliver messages during audit, but audit cannot be performed on items in use.
The amount of time audit takes to run depends on the size and complexity of your network store and whether you run a full audit (on the whole system), a single audit (on an individual user or container), or multiple single audits. It can range from hours for a large network store to a few minutes for a small one, or as little as a few seconds for a user. To find out how long audit takes on your FirstClass system, check the console messages, or server log files.
06092010_122716_1.pngNote
The first audit primes the search index by opening each document in the system and processing it. Expect your first audit to take much more time than usual.
When you start your server, the console will display a message stating the time the next audit is scheduled to start.
When the audit ends, the console will display the date and time the next automatic audit is scheduled to start.
Protected mode
If the server has not been started within 24 hour period since the last shutdown, the server will start in "protected mode". In protected mode, audit will still perform system repairs, but will not remove any expired or deleted items. This is especially useful if the server has been down for system or network repairs or upgrades for more than 24 hours since the last shutdown.
When the server is restarted from a crash, the next scheduled audit is skipped. The console will display the following:
Start Up: Next audit will be rescheduled
To return to normal functioning, force a full audit.
The audit summary
Once an audit has ended, a summary is sent to the Audit summaries folder in the administrator's Mailbox. This report contains information about system repairs or issues encountered during the audit. The icon used indicates the urgency of the summary and whether action is required.
10604_24649_0.pngAudit repair that may contain an item that may be salvaged.
10604_24927_2.pngErrors were found.
10604_24950_4.pngProblems were found and some may have been repaired.
10604_25012_6.pngNo errors or problems found. Report is informational only.
A full audit has the subject "Audit Summary".
A single audit has the subject "Single Audit Report".
Removing deleted or expired items
Before discussing how audit removes deleted or expired items, we need to look at the basic lifecycle of a message:
752006_95607_0.jpg
1 The item expiry is set by the administrator at a system-wide level on the Timers tab of the System Profile. Users can override this setting at the container or item level.
2 The "Default" expiry on folders is "never". The administrator can change this setting on the All Folders container template if disk space is an issue, but this is not recommended.
3 The removal expiry is set by default to 1 day. The administrator can change this for all users or by group on the Limits tab of the Group Privileges form.
06092010_122716_1.pngNote
Although the message is described as moving from one location to another in the above example, it is actually only the link to the message that moves at all. From the time the message is created until the item is actually removed from the system during a full audit, it remains in one place in the server.
The FirstClass server stores only a single copy of each message. For example, if you send a message to six different users, FirstClass saves only one copy of the file containing the message on the server and places a link to that file in each recipient’s Mailbox. When a recipient opens the link from his Mailbox or a conference, FirstClass opens the original file on the server. This method helps reduce disk space requirements when large messages are sent to multiple recipients.
When a recipient or the sender deletes the message from his Mailbox, the actual file is not deleted. The user's link to the message is moved to the user's Trash Can and is removed after the number of days specified by the administrator on the Group Privileges form. A file can only be deleted from the server when there are no more links to that file. For example, the file for a message sent to six people is deleted only after the sender and all six recipients have deleted it.
An audit also deletes expired files. Every item in your system has an expiry date – a date after which it will automatically be deleted from the server. When the audit finds a file (or a link) whose expiry date has passed, it deletes the item, moving the link to the Trash Can. The expiry date is calculated by adding the expiry period to the date that the item was last edited.
You, as administrator, can set expiry periods in several ways:
•       Set expiry for deleted items (the Trash Can) on the Group Privileges form. We suggest you set this globally at the All Users level and, if required, override it for smaller groups.
•       Set expiry for private mail and conference items in the System Profile.
•       Set specific expiry periods for the entire contents of a conference on the Conference Permissions form.
By default, users' folders have an expiry of Never. Users can edit the expiry period for individual messages or documents in their Mailbox or personal containers using File > Get Info (Mac OS/Mac OS X) or File > Properties (Windows). You can also grant users the Set Expiry privilege in conferences and their Mailbox, allowing them to set expiry periods for messages they send. These expiry periods override all previous settings.
Use expiry periods to avoid disk space shortages. Base the length of the expiry period on the amount of disk space available on your server machine. If you have ample disk space and low traffic, consider a long expiry period (such as several years). If you are short of disk space, use a short expiry period (such as 30 days).
The audit automatically moves expired items to the Trash Can to await removal, even if they have not been read by all recipients.
Undelete
The undelete command allows users to recover items they have deleted. There are several ways to undelete a file or a container:
Option 1
Open the container where the item was located and choose View > Show Deleted Items. Right-click the item and choose Undelete.
Option 2
If you cannot remember where the item was located, open the Trash Can on the Desktop. Locate the item and either right-click the item and choose Undelete, or drag the item to another container. If the item is no longer in the Trash Can, it has been deleted for more than the number of days specified for the user's primary group and has been deleted from the system by the regular audit.
Undeleted items will be subject to the expiry period of the container where they are located. If the user had a custom expiry set on the item before it expired or was deleted, undeleting will not restore this setting. The item will inherit the expiry period of the container into which it is moved.
Removing expired user accounts
You can configure audit to delete inactive user accounts. In the System Profile, specify the maximum period for which user accounts can be inactive. User accounts inactive for this length of time or longer are automatically deleted from your Directory, along with the contents of their Mailboxes.
FirstClass server updates
When audit runs, a number of log files and statistics reports are generated about the activity on your system and how your system is processing data. These log files and statistics reports are an essential tool in troubleshooting system errors.


Automatic full audit
By default, the FirstClass server is set to perform automatic full audit once a day.
Since a full audit may slow down your server, try to schedule automatic full audit for off-peak times when there are usually few users online. By default, the automatic full audit runs daily at 3:00 AM.
To change the scheduled time:
1       Choose Admin > System Profile on the administrator's Desktop.
2       Change the time at "Audit time" on the Timers tab.
Specifying a start and end time
If you specify a start and end time for automatic full audit, the console will display the scheduled audit end time when the audit begins. If you change the end time in the system profile while the audit is running, the change will not take effect until the next time the audit starts.
If the audit is stopped and then force started during the run-time window, it will stop at the end time specified on the system profile. (If it is force started outside of the run-time window it will run until the scheduled end time (or to completion, if that comes first)).
If the audit finishes before the scheduled end time, it will not run again until the next scheduled start time. (It will never loop back to the beginning.)
•       If the audit does not complete before the end time, the audit will stop exactly where it is at the end time. The next time the audit runs it will start at the same user who was being audited when the audit was stopped.
If the audit began as a resumption of a previous stopped audit (did not complete before end time, or was stopped while running), and the audit reaches the end of the network store before the end time, the audit will end. It will never loop back to the beginning.
•       If your server is not running when audit is scheduled to start and is started again before the specified end time, audit will run when the server starts, and will end at the specified end time.
•       If the audit begins but the server is shut down while the audit is running (or the audit is stopped), the audit will not resume automatically. The audit will only start once during the run-time window.
Specifying a start time only
If you have specified a start time only audit will run to completion.
Since the default run-time window is 24 hours, if your server is not running when the audit is scheduled to start, audit will run when the server starts (and will run to completion (unless you stop it)).
If the audit starts and is manually stopped (the server is shutdown or you stop the audit), the audit will not resume again automatically in that 24-hour window. Audit will only run automatically once during the 24-hour run-time window.


Manual full audit
You can force the audit task to run immediately.
If you run out of disk space, you must delete unnecessary files. The disk space released as a result of these deletions, however, is not available until you force an audit.
To force a full audit do one of the following:
•       from the administrator's Desktop choose Admin > Control > Audit
•       from the server console choose System > Audit.
Since server performance is decreased during audit, only force a manual full audit when necessary; it's better to wait for automatic full audit, or to run a single audit on specific users or conferences.
06092010_122716_1.pngNote
We suggest that you disable logging before starting a manual full audit, as sessions on slow servers might experience communication link failures and be dropped.


Using audit to fix network store issues
In the past, when there was evidence of errors in the network store, it was strongly recommended to not run trash collection.
With the new audit capabilities, it is now strongly recommended that the first step in network store diagnostics and repair be to run an audit (on the user, conference or the entire server, depending on the issue).
The audit will repair the network store entirely if there is not a file sharing violation.
In some cases, some data is salvageable but the repair would need to be completed manually (restoring links to objects, etc.). In this case, an audit repair notification will be sent to the administrator's Mailbox. The information in the audit repair notification can be used by customer support to repair the problem. These issues are not time-sensitive and will not be damaged by subsequent audits.


Single audit
If a user or conference has damaged or missing data, run a single audit on the affected user or object to diagnose the account's Directory entries and/or fix the damaged or missing files (this does not refer to manually deleted or moved messages or objects). Single audits always run in protected mode, meaning they will not remove any items.
06092010_122716_1.pngNote
You can run multiple single audits at once.
06092010_122716_1.pngNote
Users cannot use the Undelete command to recover their deleted files once an audit has been run.
1       Locate the user/conference in the List Directory.
2       Click Audit at the top of the form.
If the damage is repairable, the audit will repair it.
If the damage is not repairable automatically, but may be repairable manually, an audit repair notification will be sent to the administrator's Mailbox.
Single audits which are queued or running when the full audit is scheduled to start, will complete before the full audit begins.
06092010_122716_1.pngNote
Audits of unlisted items must be done using the FirstClass scripting AUDIT command.


Console output messages
If a full audit is initiated by the admin using the Admin menu, the console output message will look like the following:
102103_122651_0.png
If a full audit is initiated by a user with subadmin privileges, the console output message will look like the following:
102103_123035_0.png
If a single audit is initiated on a user, the console output message will look like the following:
102103_122823_1.png
If a single audit is initiated on a conference (in this case, Finance Area), the console output message will look like the following:
102103_122913_2.png