I need to keep my PowerShell skills from getting rusty so I wrote up a script that will do pretty much what you need.
While the documentation for the exportAuditLog command implies 8 fields, the output combines the date and time into one field, which is why the script only provides header names for 7.
$auditlog = Import-Csv -Path C:\CA\dailyLog.csv -Header dateTime,token,type,user,action,actionName,response
foreach ($record in $auditlog) {
    if ($record.type -eq "resp" -and $record.actionName -eq "wss connect" -and $record.user -ne "CLIADMIN") { Export-Csv -Append -Path C:\CA\logins.csv -InputObject $record }
}
The first line imports the CSV into the variable $auditlog and provides headers.
The second line tells PowerShell to go through each line in the $auditlog and handle it as a variable called $record.
The third line exports the current $record if the type is "resp", the actionName is "wss connect" and the user is not "CLIADMIN".
I excluded CLIADMIN because that is the ID we use to issue CLI commands and it featured predominantly in my test data.
If you were to run this daily, the logins.csv file would simply grow as it is set to append, but you would be looking at a tiny fraction of the data in the original audit log files.
------------------------------
Andy Reimer
------------------------------
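An added example, not part of the original post: the same filter wrapped as a function for the daily workflow suggested in the earlier message quoted below (extract the login records, then delete the full export), removing the source only after the extract has been written without error. The function name `Export-LoginRecords`, the temp paths and the sample rows are assumptions made for illustration; the field names, "resp", "wss connect" and CLIADMIN are taken from the post.

```powershell
# Added example: daily extract of login records, then removal of the full export.
# Function name, parameters, paths and sample rows are hypothetical.
function Export-LoginRecords {
    param(
        [Parameter(Mandatory)] [string] $AuditLog,
        [Parameter(Mandatory)] [string] $LoginLog,
        [string[]] $ExcludeUser = @('CLIADMIN'),
        [switch] $RemoveSource
    )
    $header = 'dateTime','token','type','user','action','actionName','response'
    # Wrap in @() so zero or one match still yields an array with a Count.
    $logins = @(Import-Csv -Path $AuditLog -Header $header | Where-Object {
        $_.type -eq 'resp' -and
        $_.actionName -eq 'wss connect' -and
        $_.user -notin $ExcludeUser
    })
    if ($logins.Count -gt 0) {
        # -NoTypeInformation stops Windows PowerShell 5.1 writing a "#TYPE" line.
        # -ErrorAction Stop makes a failed write throw before the source is touched.
        $logins | Export-Csv -Path $LoginLog -Append -NoTypeInformation -ErrorAction Stop
    }
    if ($RemoveSource) {
        Remove-Item -Path $AuditLog -ErrorAction Stop
    }
    return $logins.Count
}

# Constructed sample export (not real audit data), written to a temp folder.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'audit-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$daily = Join-Path $dir 'dailyLog.csv'
@'
2019-07-29 08:01:12,1001,req,jsmith,connect,wss connect,
2019-07-29 08:01:13,1001,resp,jsmith,connect,wss connect,OK
2019-07-29 08:02:40,1002,resp,CLIADMIN,connect,wss connect,OK
2019-07-29 08:05:02,1003,resp,mlee,list,list jobs,OK
2019-07-29 09:15:47,1004,resp,mlee,connect,wss connect,OK
'@ | Set-Content -Path $daily

$count = Export-LoginRecords -AuditLog $daily -LoginLog (Join-Path $dir 'logins.csv') -RemoveSource
"Kept $count login records; source removed: $(-not (Test-Path $daily))"
```

Because the write uses `-ErrorAction Stop`, a locked or unwritable logins.csv ends the function before `Remove-Item` runs, so a day's export is never deleted without its extract being saved.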
Original Message:
Sent: 07-29-2019 02:59 PM
From: Andy Reimer
Subject: New Communities
We also get audited on a regular basis. We switched to LDAP authentication as one means of appeasing the auditors and they prefer access be controlled from the security department alone. Sounds like your auditors want a lot more. Keeping audit logs around for a year would be prohibitive, but what about scheduling a daily exportauditlog command followed by a program (PowerShell, bash, etc.) that extracted just the login / logout information you need for that period then deleted the auditlog file?
If PowerShell is an option in your environment, I could probably get you 90% of the way there.
------------------------------
Andy Reimer
Original Message:
Sent: 07-12-2019 11:09 AM
From: Denise Cronin
Subject: New Communities
Original Message------
Hi,
You can use the below link to see all the ideas in DE - https://community.broadcom.com/ideation/allideas?Page=1&CategoryKeys=0cd7de88-ac45-4b67-b31e-0b7237e846df&StatusKeys=&Sort=MostRecent
I hope it helps!
Ravi Kiran