roman
/
sastools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Create getauditrecords.py (#33) 

* Create getauditrecords.py

* Update README.md
master
Ajmal Farzam 6 years ago
committed by Gerry Nelson
parent
24442658f0
commit
c669e738b4
2 changed files with 90 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 88
      getauditrecords.py

3
README.md
View File

@ -88,7 +88,7 @@ You must pass a method and endpoint. You can optionally pass json, content type
**List of some of the Additional Tools Available**
Additional tools provide more complex functionality by combining multiple calls to the callrestapi function, and post-processing the outpuit that is returned.
Additional tools provide more complex functionality by combining multiple calls to the callrestapi function, and post-processing the output that is returned.
* **getfolderid** returns the id of the folder based on the full folder path
* **deletefolder** deletes a folder based on the full folder path
@ -111,6 +111,7 @@ Additional tools provide more complex functionality by combining multiple calls
* **listcaslibsandeffectiveaccess.py** list all effective access on all CAS libraries on all servers
* **listcastablesandeffectiveaccess.py** list all effective access on all CAS tables in all CAS libraries on all servers
* **listgroupsandmembers.py** list all groups and all their members
* **getauditrecords.py** lists audit records from SAS Infrastructure Data Server in CSV or JSON format using REST calls.
Check back for additional tools and if you build a tool feel free to contribute it to the collection.

88
getauditrecords.py
View File

@ -0,0 +1,88 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# getauditrecords.py January 2020
#
# Extract list of audit records from SAS Infrastructure Data Server using REST API.
#
# Examples:
#
# 1. Return list of audit events from all users and applications
# ./getauditrecords.py
#
# Change History
#
# 10JAN2020 Comments added
#
# Copyright © 2018, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing permissions and limitations under the License.
#
# Import Python modules
import json
import socket
import argparse, sys
from sharedfunctions import callrestapi,getinputjson,simpleresults,getbaseurl,printresult
# Sample reqval="/audit/entries?filter=and(eq(application,'reports'),eq(state,'success'),ge(timeStamp,'2018-11-20'),le(timeStamp,'2020-11-20T23:59:59.999Z'))&sortBy=timeStamp&limit=1000"
# Parse arguments based on parameters that are passed in on the command line
parser = argparse.ArgumentParser()
parser.add_argument("-a","--application", help="Filter by Application or Service name",default=None)
parser.add_argument("-l","--limit", help="Maximum number of records to display",default='1000')
parser.add_argument("-t","--type", help="Filter by entry Type",default=None)
parser.add_argument("-c","--action", help="Filter by entry Action",default=None)
parser.add_argument("-s","--state", help="Filter by entry State",default=None)
parser.add_argument("-u","--user", help="Filter by Username",default=None)
parser.add_argument("-A","--after", help="Filter entries that are created after the specified timestamp. For example: 2020-01-03 or 2020-01-03T18:15Z",default=None)
parser.add_argument("-B","--before", help="Filter entries that are created before the specified timestamp. For example: 2020-01-03 or 2020-01-03T18:15Z",default=None)
parser.add_argument("-S","--sortby", help="Sort the output ascending by this field",default='timeStamp')
parser.add_argument("-o","--output", help="Output Style", choices=['csv','json','simple'],default='csv')
args = parser.parse_args()
appname=args.application
output_style=args.output
sort_order=args.sortby
output_limit=args.limit
username=args.user
entry_type=args.type
entry_action=args.action
entry_state=args.state
ts_after=args.after
ts_before=args.before
# Create list for filter conditions
filtercond=[]
if appname!=None: filtercond.append("eq(application,'"+appname+"')")
if username!=None: filtercond.append("eq(user,'"+username+"')")
if entry_type!=None: filtercond.append("eq(type,'"+entry_type+"')")
if entry_action!=None: filtercond.append("eq(action,'"+entry_action+"')")
if entry_state!=None: filtercond.append("eq(state,'"+entry_state+"')")
if ts_after!=None: filtercond.append("ge(timeStamp,'"+ts_after+"')")
if ts_before!=None: filtercond.append("le(timeStamp,'"+ts_before+"')")
# Construct filter
delimiter = ','
completefilter = 'and('+delimiter.join(filtercond)+')'
# Set request
reqtype = 'get'
reqval = "/audit/entries?filter="+completefilter+"&limit="+output_limit+"&sortBy="+sort_order
# Construct & print endpoint URL
baseurl=getbaseurl()
endpoint=baseurl+reqval
# print("REST endpoint: " +endpoint)
# Make REST API call, and process & print results
files_result_json=callrestapi(reqval,reqtype)
cols=['id','timeStamp','type','action','state','user','remoteAddress','application','description','uri']
printresult(files_result_json,output_style,cols)
Write Preview
Loading…
Cancel
Save