AutoSys Workload Automation

 View Only
  • 1.  New Communities

    Posted Jul 11, 2019 05:48 PM
    ​Now that we have the new Broadcom Communities board, can someone please advise how I can search for my previously-submitted ideas/enhancements?

    Thanks,

    ------------------------------
    Denise Cronin
    ------------------------------


  • 2.  RE: New Communities

    Broadcom Employee
    Posted Jul 12, 2019 01:31 AM
    Hi,

    You can use the below link to see all the ideas in DE - 

    https://community.broadcom.com/ideation/allideas?Page=1&CategoryKeys=0cd7de88-ac45-4b67-b31e-0b7237e846df&StatusKeys=&Sort=MostRecent  

    I hope it helps!
    Ravi Kiran




  • 3.  RE: New Communities

    Posted Jul 12, 2019 11:10 AM

    Thanks, Kiran, that definitely helps. I was able to find my previous ideas. If you have the time, can you review this one and perhaps give us a recommendation on how to handle the auditor requests that we get every year?

     

    https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=0886ea3f-b101-4a3d-b790-1ce8009c2b25

     

    Thanks,

     

    Denise

     

    _______________________________________________________________________________
    Denise Cronin
    Sr. Infrastructure Technical Analyst
    Manulife

    E    denise_cronin@jhancock.com
    T
        617 572 1073

    200 Berkeley St
    Boston, MA, USA, 02116


    image001.png@01D4935E.88301B50

     

     






  • 4.  RE: New Communities

    Broadcom Employee
    Posted Jul 23, 2019 06:20 AM
    Sure , let me check and respond to that request in the idea section.


  • 5.  RE: New Communities

    Posted Jul 29, 2019 02:59 PM
    We also get audited on a regular basis.  We switched to LDAP authentication as one means of appeasing the auditors and they prefer access be controlled from the security department alone. Sounds like your auditors want a lot more.  Keeping audit logs around for a year would be prohibitive, but what about scheduling a daily exportauditlog command followed by a program (powershell, bash, etc) that extracted just the login / logout information you need for that period then deleted the auditlog file.?

    If PowerShell is an option in your environment, I could probably get you 90% of the way there.

    ------------------------------
    Andy Reimer
    ------------------------------



  • 6.  RE: New Communities

    Posted Jul 29, 2019 05:09 PM
    I need to keep my PowerShell skills from getting rusty so I wrote up a script that will do pretty much what you need.
    While the documentation for the exportAuditLog command implies 8 fields, the output combines the date and time into one field, which is why the script only provides header names for 7.
    $auditlog = Import-Csv -Path C:\CA\dailyLog.csv -Header dateTime,token,type,user,action,actionName,response
    foreach ($record in $auditlog) {
    if ($record.type -eq "resp"-and $record.actionName -eq "wss connect" -and $record.user -ne "CLIADMIN") {Export-Csv -Append -Path C:\CA\logins.csv -InputObject $record }
    }
    The first line imports the csv into the variable $auditlog and provides headers
    The second line tells PowerShell to go through each line in the $auditlog and handle it as a variable called $record
    The third line exports the current $record if the type is "resp", the actionName is "wss connect" and the user is not "CLIADMIN".

    I excluded CLIADMIN because that is the ID we use to issue CLI commands and it featured predominantly in my test data.

    If you were to run this daily, the logins.csv file would simply grow as it is set to append, but you would be looking at a tiny fraction of the data in the original audit log files.

    ------------------------------
    Andy Reimer
    ------------------------------



  • 7.  RE: New Communities

    Posted Jul 31, 2019 06:03 PM
    Edited by Andy Reimer Jul 31, 2019 06:42 PM
    Figured I'd use this for ourselves as we never know what the auditors will ask for next year.  Better to have an not need etc.

    In order to use the regularly export yesterdays audit log you must, for the cli command, provide yesterdays date in the format of YYYYMMDD.  This turns out to be trickier than I first thought (unless I've missed something).  At any rate I've sorted out a solution.  If you add the following to the Javascripts at Event trigger time, you can use the %Yday in the arguments passed to CLI.bat and it will properly calculate yesterday's date.

     exportauditlog path("d:\\auditlog") name("Yesterday") startdate("%Yday") enddate("%Yday")

    var Ydate = new Date(Date.now() - 864e5); //for some reason javascript in DE doesn't like decrementing a date by 1, but it will decriment it by 86400000 milliseconds wich is the same thing as one day
    var yyyy = Ydate.getFullYear();
    var m = Ydate.getMonth()+1;
    var mm = m < 10 ? '0' + m : m;
    var d = Ydate.getDate();
    var dd = d < 10 ? '0' + d : d;
    var Yday = yyyy + mm + dd;

    *edit*  This assumes you don't want to schedule it at 23:59 and just use %APPL._AYEAR%APPL._AMM%APPL._ADD to generate today's date as 20190731

    ------------------------------
    Andy Reimer
    ------------------------------