October 29th, 2020
A budgeting and planning solution should always provide a good audit trail. So, what kind of audit trail is available for Cognos Planning Analytics (TM1)? IBM Planning Analytics maintains a detailed log of all changes in the system. The log tracks changes by the users and processes as well as data changes and structural changes. This is music to your compliance team’s ears, especially if you have to comply with the Sarbanes-Oxley Act. (If you want to learn more about SOX and IBM Planning Analytics check out our earlier blog, Is the IBM ILMT tool SOX Compliant when used with Cognos?)
TM1 Logging Types
The Cognos Planning Analytics administrator can turn off or on two types of logging.
- Transaction Log - captures all changes to data caused by end users, rules or processes
- Audit Log - captures changes to metadata, security, logon information and other system activity detail
TM1 Transaction Log
If you want to see a simple list of all changes in values, you will look at the TM1 transaction log. It also records the cube name, time and date, username and values before and after the change. Cube logging can be enabled and disabled for specific cubes. The changes are recorded in the tm1s.log file.
One thing to note is that transaction logging can be enabled and disabled during TurboIntegrator processes by using the CubeSetLogChanges() TurboIntegrator function. Lodestar Solutions recommends you consider disabling transaction logging during a TurboIntegrator process that loads a large volume of data to a cube because the file can get quite large. If a TurboIntegrator process can be rerun to reload the same data into a cube, transaction logging can most likely be disabled during the TurboIntegrator process. For more information, see CubeSetLogChanges.
For more details on the TM1 Transaction Log see the IBM Knowledge Center.
TM1 Audit Log
The TM1 audit log monitors changes to metadata, such as modifications to dimensions, views and subsets. It also tracks login and TurboIntegrator process execution. By default, audit logging is disabled and must be manually enabled for each server you want to monitor. When it is on it monitors everything, you can’t only have it monitor certain activity. Audit logging is enabled and disabled with the AuditLogOn parameter in tm1s.cfg file.
You can query and view the audit log using the Audit Log window, available in TM1 Server Explorer. When you turn the audit log on you might want to monitor it because it can get quite large. Some of our TM1 clients opt to turn it on only in the final stages of the budget renew process, especially if you are starting with a zero-based budget. For more details on the TM1 Audit Log see the IBM Knowledge Center.
How to Archive TM1 Audit Logs with IBM Cognos Planning Analytics
We mentioned the TM1 log files can get quite large, especially if you did not limit the auditing to particular cubes and processes. We all have experienced when you run out of space, weird things can happen. So, you may want to archive your TM1 audit logs. To do this we recommend you use the Turbo Integrator (TI) process ‘SYS_IBM_Archive_TransactionLog.pro’. This process is designed to move old transaction log files from a specified TM1 Log File Directory to a separate ‘archiving’ directory.
Turn on Audit Trail in Cognos Planning Analytics - TM1
Yes, Lodestar Solutions recommends clients to leverage the TM1 audit trail capabilities. However, we do recommend you do so with proper planning. Just turning it on and letting it collect data could result in a bloated log file that causes issues.
Contact Lodestar Solutions
If you have any questions about what kind of audit trail is available for Cognos Planning Analytics (TM1) and how you should leverage the various components for auditing, don’t hesitate to reach out to us at Services@lodestarsolutions.com.
Visit our website; www.lodestarsolutions.com.