Adaxes

Custom Report Based on Logging Data Filter Criteria

0 votes

Hello,

I'd like to create a custom Adaxes report based on the following Logging Filters -

image.png

image.png

image.png

image.png

I'm currently having to filter the logs manually each time I want to gather this data but am wondering if there's some way to build a custom report using these same filters?

Let me know if it would be easier to jump on a call to discuss this further?

Thank you in advance!

by (480 points)
0

Hello,

Could you, please, clarify whether an external database is used for log records? For information on how to check/change the setting, please, have a look at the following help article: https://www.adaxes.com/help/?Logging.EnableMSSQL.html. Should the filters be hardcoded into the report or selected via report parameters? Live examples and any additional information about the desired report would be much appreciated.

by (216k points)
0

Hello,

It looks like we are using the builtin SQLite database.

If the report filters could be selected via paramaters that would be preferred but if its easier to hardcode the values into the report that works for me too.

I'd be happy to share some live examples but would probably prefer to do it over a call as it does contain some potentially sensitive information.

Thanks!

by (480 points)

1 Answer

0 votes
by (216k points)

Hello,

Thank you for the clarification. To create the report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Copy the Adaxes log built-in report (located in Reports\All Reports\Miscellaneous\Logging by default). For information on how to copy directory objects, please, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.CopyObjects.html.
  4. Right-click the new report.
  5. In the context menu, click Edit. image.png
  6. Activate the Parameters tab.
  7. Delete the Show operations initiated automatically by Adaxes and Show errors only parameter. image.png
  8. Click New. image.png
  9. Select Drop-down list. image.png
  10. Click Next.
  11. Specify a parameter name and display name (e.g. ObjectType).
  12. Click Next.
  13. Click New. image.png
  14. Specify an object type (e.g. user for the User object type) in the Value field. image.png
  15. Click OK.
  16. Repeat steps 13-15 for all the object types that should be available for filtering in the report (e.g. group, contact, computer, organizationalUnit, etc.). If you want to specify an item as the default value of the parameter, it can be done via the Set as Default option in the item context menu: image.png
  17. Click Finish.
  18. Activate the Script tab.
  19. Paste the below script into the corresponding field. In the script, the $objectTypeParamName variable specifies the name of the parameter entered on step 11 with the param- prefix. image.png
$objectTypeParamName = "param-ObjectType" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    if ($record.TargetObjectType -ne $objectType)
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $Context.Items.Add($record)
}
  1. Click OK.
0

Hello,

I followed the steps provided but the report it generates does not filter by Operation Type (Modify) + the additional 'JIT' filter. (See screenshot)

image.png

How would I incorporate those filters as well?

Thanks,

by (480 points)
0

Hello,

Please, try the updated script below:

$objectTypeParamName = "param-ObjectType" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    $description = $record.Description
    if (($record.TargetObjectType -ne $objectType) -or (-not ($description -like "*JIT*")))
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $Context.Items.Add($record)
}
by (216k points)
0

Thank you for the response! The updated script is definitely a step in the right direction as its now pulling only the events that I want to report on.

One final ask -

1 - How can I modify the script or implement another parameter to only show events with a status of 'Completed' and not 'Failed' or 'Suspended'

2 - Is is possible to add the 'Department' of the Initiator to the report as well? I've tried doing it on my end but so far the report just returns empty values. Ideally this would be something I could put into a parameter.

eg

param-InitiatorDepartment

Then have some set department values available

Department A Department B Department C ALL

Thank you for all your help thusfar.

by (480 points)
0

Hello,

To update the report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to and right-click your report.
  4. In the context menu, click Edit. image.png
  5. Activate the Parameters tab.
  6. Click New. image.png
  7. Select Drop-down list. image.png
  8. Click Next.
  9. Specify a parameter name and display name (e.g. Department).
  10. Click Next.
  11. Click New. image.png
  12. Specify a department in the Value field. image.png
  13. Click OK.
  14. Repeat steps 11-13 for all the departments that should be available for filtering in the report.
  15. Click New.
  16. Specify ALL in the Value field. image.png
  17. Click OK.
  18. Click Finish.
  19. Activate the Columns tab.
  20. In the Report-specific columns section, click Add. image.png
  21. Specify a Display name for the column (e.g. Initiator department). image.png
  22. Click Next.
  23. Select Template.
  24. In the field below, enter a default value (e.g. empty). The value will never be present in the report and is only required to create the custom column. image.png
  25. Click Finish.
  26. Activate the Script tab.
  27. Paste the below script into the corresponding field. In the script, the following variables were added:
    • $departmentParamName – Specifies the name of the parameter entered on step 9 with the param- prefix.
    • $initiatorDepartmentColumnID – Specifies the identifier of the custom column that will display the initiator department. To get the identifier:
      1. On the Columns tab, right-click the custom column.
      2. In the context menu, navigate to Copy and click Column ID. image.png The identifier will be copied to clipboard.

image.png

$objectTypeParamName = "param-ObjectType" # TODO: modify me
$departmentParamName = "param-Department" # TODO: modify me
$initiatorDepartmentColumnID = "{ba783f1c-4da5-4dd5-b123-4b9d1caa3154}" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$department = $Context.GetParameterValue($departmentParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    if (($record.TargetObjectType -ne $objectType) -or (-not ($record.Description -like "*JIT*")) -or ($record.State -ne 4))
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $initiatorObj = $Context.BindToObject($record.Initiator.AdsPath)
    try
    {
        $initiatorDepartment = $initiatorObj.Get("department")
    }
    catch
    {
        $initiatorDepartment = $NULL
    }
    if (($department -ine "all") -and ($department -ne $initiatorDepartment))
    {
        continue
    }

    $Context.Items.Add($record, @{$initiatorDepartmentColumnID = $initiatorDepartment})
}
  1. Click OK.
by (216k points)
0

Thank you! This worked perfectly!

by (480 points)

Related questions

0 votes
1 answer
Permissions Based on LDAP filter

Is there a way to apply permission to an object using an LDAP filter? I see in the SDK how to create and assign security roles but if you can't do it in the UI will ... wrong and there is already an easy way to do it then please let me know :) Thank you

asked Aug 7, 2013 by jheisley (590 points)
0 votes
1 answer
Is there a way to change what criteria is used to cross reference data when moving an object between OU's?

For context, up until now, we had a business rule in place stopping accounts from being created for users with the same name e.g. Jacob Smith and Jacob Smith. This business ... , or how to, if possible, remove this. Any help would be most appreciated! Thanks

asked Oct 22, 2024 by Charlie.Evans (70 points)
0 votes
1 answer
Browsing - Filter options - User criteria - Search users in specific base DN

base dn: OU=Users,DC=domain,DC=com then we have sub OU's like OU=Department,OU=Users,DC=domain,DC=com and OU=Site,OU=Department,Dc=domain,dc=com i would like to filter all the users inside base dn.

asked Feb 21, 2023 by dppankib (20 points)
0 votes
1 answer
Browsing > Filter Options > Criteria - Organizational Unit missing Value

Hey Adaxes Team, currently we evaluate the new 2023 Adaxes Release. As we tried the new Criteria Function for the Search feature we run into possible a bug. There is the ... the right direction or confirming this as bug. Thanks for your Time! Bests, Daniel.

asked Feb 3, 2023 by dajo (190 points)
0 votes
1 answer
Is possible to update users based on the recently created users report.

For example: This integration with SAP SuccessFactors/Active Directory will create the users without the knowledge of Adaxes but we still want to do automation around creating ... created users report and run this automation based on the result of the report?

asked Feb 7 by DarrenFisk (100 points)
3,628 questions
3,315 answers
8,392 comments
548,728 users