0 votes

Hello,

I'd like to create a custom Adaxes report based on the following Logging Filters -

image.png

I'm currently having to filter the logs manually each time I want to gather this data but am wondering if there's some way to build a custom report using these same filters?

Let me know if it would be easier to jump on a call to discuss this further?

Thank you in advance!

by (480 points)
0

Hello,

Could you, please, clarify whether an external database is used for log records? For information on how to check/change the setting, please, have a look at the following help article: https://www.adaxes.com/help/?Logging.EnableMSSQL.html. Should the filters be hardcoded into the report or selected via report parameters? Live examples and any additional information about the desired report would be much appreciated.

0

Hello,

It looks like we are using the builtin SQLite database.

If the report filters could be selected via parameters that would be preferred, but if it's easier to hardcode the values into the report that works for me too.

I'd be happy to share some live examples but would probably prefer to do it over a call as it does contain some potentially sensitive information.

Thanks!

1 Answer

0 votes
by (216k points)

Hello,

Thank you for the clarification. To create the report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Copy the Adaxes log built-in report (located in Reports\All Reports\Miscellaneous\Logging by default). For information on how to copy directory objects, please, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.CopyObjects.html.
  4. Right-click the new report.
  5. In the context menu, click Edit.
  6. Activate the Parameters tab.
  7. Delete the Show operations initiated automatically by Adaxes and Show errors only parameters.
  8. Click New.
  9. Select Drop-down list.
  10. Click Next.
  11. Specify a parameter name and display name (e.g. ObjectType).
  12. Click Next.
  13. Click New.
  14. Specify an object type (e.g. user for the User object type) in the Value field.
  15. Click OK.
  16. Repeat steps 13-15 for all the object types that should be available for filtering in the report (e.g. group, contact, computer, organizationalUnit, etc.). If you want to specify an item as the default value of the parameter, it can be done via the Set as Default option in the item context menu.
  17. Click Finish.
  18. Activate the Script tab.
  19. Paste the below script into the corresponding field. In the script, the $objectTypeParamName variable specifies the name of the parameter entered on step 11 with the param- prefix.
$objectTypeParamName = "param-ObjectType" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    if ($record.TargetObjectType -ne $objectType)
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $Context.Items.Add($record)
}
  20. Click OK.
0

Hello,

I followed the steps provided but the report it generates does not filter by Operation Type (Modify) + the additional 'JIT' filter. (See screenshot)

image.png

How would I incorporate those filters as well?

Thanks,

0

Hello,

Please, try the updated script below:

$objectTypeParamName = "param-ObjectType" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    $description = $record.Description
    if (($record.TargetObjectType -ne $objectType) -or (-not ($description -like "*JIT*")))
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $Context.Items.Add($record)
}
0

Thank you for the response! The updated script is definitely a step in the right direction as it's now pulling only the events that I want to report on.

One final ask -

1 - How can I modify the script or implement another parameter to only show events with a status of 'Completed' and not 'Failed' or 'Suspended'?

2 - Is it possible to add the 'Department' of the Initiator to the report as well? I've tried doing it on my end but so far the report just returns empty values. Ideally this would be something I could put into a parameter.

e.g.

param-InitiatorDepartment

Then have some set department values available:

Department A, Department B, Department C, ALL

Thank you for all your help thus far.

0

Hello,

To update the report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to and right-click your report.
  4. In the context menu, click Edit.
  5. Activate the Parameters tab.
  6. Click New.
  7. Select Drop-down list.
  8. Click Next.
  9. Specify a parameter name and display name (e.g. Department).
  10. Click Next.
  11. Click New.
  12. Specify a department in the Value field.
  13. Click OK.
  14. Repeat steps 11-13 for all the departments that should be available for filtering in the report.
  15. Click New.
  16. Specify ALL in the Value field.
  17. Click OK.
  18. Click Finish.
  19. Activate the Columns tab.
  20. In the Report-specific columns section, click Add.
  21. Specify a Display name for the column (e.g. Initiator department).
  22. Click Next.
  23. Select Template.
  24. In the field below, enter a default value (e.g. empty). The value will never be present in the report and is only required to create the custom column.
  25. Click Finish.
  26. Activate the Script tab.
  27. Paste the below script into the corresponding field. In the script, the following variables were added:
    • $departmentParamName – Specifies the name of the parameter entered on step 9 with the param- prefix.
    • $initiatorDepartmentColumnID – Specifies the identifier of the custom column that will display the initiator department. To get the identifier:
      1. On the Columns tab, right-click the custom column.
      2. In the context menu, navigate to Copy and click Column ID. The identifier will be copied to clipboard.

$objectTypeParamName = "param-ObjectType" # TODO: modify me
$departmentParamName = "param-Department" # TODO: modify me
$initiatorDepartmentColumnID = "{ba783f1c-4da5-4dd5-b123-4b9d1caa3154}" # TODO: modify me

# Get parameter values
$objectType = $Context.GetParameterValue($objectTypeParamName)
$department = $Context.GetParameterValue($departmentParamName)
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")

$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Bind to Service Log
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

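    # Keep only records for the selected object type that mention JIT and have State 4
    # (the value this script uses for the 'Completed' status asked for above)
    if (($record.TargetObjectType -ne $objectType) -or (-not ($record.Description -like "*JIT*")) -or ($record.State -ne 4))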
    {
        continue
    }

    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass
        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                ($initiatorClass -ne "user")))
        {
            continue
        }
    }

    $operationTypes = $record.GetOperationTypes()
    if (-not $operationTypes.Contains("set properties"))
    {
        continue
    }

    $initiatorObj = $Context.BindToObject($record.Initiator.AdsPath)
    try
    {
        $initiatorDepartment = $initiatorObj.Get("department")
    }
    catch
    {
        $initiatorDepartment = $NULL
    }
    if (($department -ine "all") -and ($department -ne $initiatorDepartment))
    {
        continue
    }

    $Context.Items.Add($record, @{$initiatorDepartmentColumnID = $initiatorDepartment})
}
  28. Click OK.
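
The filter chain from the final script above, pulled into a standalone function so its behaviour can be checked outside Adaxes before relying on the report for auditing. This is an added example, not part of the thread or Adaxes' own code; `Test-JitReportRecord`, `New-SampleRecord` and the flat record shape (`InitiatorClass`, `OperationTypes`, `InitiatorDepartment`) are assumptions made for the check, and the sample records are constructed.

```powershell
# Added example: offline check of the report script's filter chain on constructed stand-in records.
function Test-JitReportRecord {  # hypothetical helper
    param(
        [Parameter(Mandatory)] $Record,
        [string] $ObjectType,
        [string] $Initiator,   # "1" and/or "2", as read from param-Initiator
        [string] $Department
    )
    $initiatorUser = $Initiator.IndexOf("1") -ge 0
    $initiatorScheduledTask = $Initiator.IndexOf("2") -ge 0

    # Object type, JIT marker in the description, and State 4, as in the script
    if ($Record.TargetObjectType -ne $ObjectType) { return $false }
    if ($Record.Description -notlike "*JIT*") { return $false }
    if ($Record.State -ne 4) { return $false }

    # The script treats every initiator class other than "user" as option "2"
    $isUser = $Record.InitiatorClass -ieq "user"
    if ($isUser -and -not $initiatorUser) { return $false }
    if (-not $isUser -and -not $initiatorScheduledTask) { return $false }

    # Case-sensitive match, like .Contains() in the script
    if ($Record.OperationTypes -cnotcontains "set properties") { return $false }

    # A record whose initiator has no department passes only when ALL is selected
    if (($Department -ine "all") -and ($Department -ne $Record.InitiatorDepartment)) { return $false }
    return $true
}

function New-SampleRecord($Id, $Description, $State, $Class, $Department) {  # hypothetical
    [pscustomobject]@{
        Id = $Id; TargetObjectType = "user"; Description = $Description; State = $State
        InitiatorClass = $Class; OperationTypes = @("set properties"); InitiatorDepartment = $Department
    }
}

$records = @(
    (New-SampleRecord 1 "Modify user (JIT elevation)" 4 "user" "Department A"),
    (New-SampleRecord 2 "Modify user (JIT elevation)" 2 "user" "Department A"),  # state other than 4
    (New-SampleRecord 3 "Modify user (JIT elevation)" 4 "task" "Department A"),  # non-user initiator
    (New-SampleRecord 4 "Modify user (JIT elevation)" 4 "user" $null),           # no department
    (New-SampleRecord 5 "Modify user" 4 "user" "Department A")                   # no JIT marker
)

foreach ($dept in "Department A", "ALL") {
    $kept = $records | Where-Object { Test-JitReportRecord -Record $_ -ObjectType "user" -Initiator "1" -Department $dept }
    "{0}: kept record ids {1}" -f $dept, (($kept | ForEach-Object Id) -join ", ")
}
```

Record 4 is the case to watch when the report feeds an access review: an initiator with no department value is dropped by every department choice except ALL.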
0

Thank you! This worked perfectly!
