English (English)

Security Event Log from System Monitor

This log contains records about events related to the addition, deletion, and other changes made to user permissions. The logging of security events is disabled by default. This feature can only be enabled by the system administrator directly in a FlexiCapture database. For detailed information about various events recorded in the log and how to enable it, please see the Security event log article in the Administration and Monitoring Console help.

Important! Only users with System Administrator permissions can download security event logs from System Monitor. A System Administrator is the Administrator of a default tenant.

To download this log, use a POST request.

POST https://<server address>/FlexiCapture12/Monitoring/Tenant/GetSecurityEventsCSV

Request parameters

Note:

All parameters are required. Make sure that they are specified correctly.
The search in Oracle Database is case sensitive. Please, take it into account if you are using Oracle Database.

Name	Type	Description
filter	string	Sets the filter parameters. As a result, only logs that satisfy the filter conditions will be recorded. Only the AND and OR operators can be used to combine the conditions. Operators are specified in GeneralOperator parameter. Sample filter parameters: filter={ "GeneralOperator": "AND", "FilterItems": [ { "PropertyKey": "Date", "PropertyOperator": "BETWEEN", "PropertyValues": [ "2021-08-28", "00:00:00", "2023-09-28", "23:59:59" ] } ] } You can find necessary values for PropertyKey and PropertyOperator parameters by creating desired filter in Administration and Monitoring Console. To do this: In browser menu click More tools -> Developer tools and go to the Network tab. Launch the Administration and Monitoring Console, go to System Monitor → Security event log, and click the button. Specify filtering criteria and click Apply. Click on GetFilteredSecurityEvent request. Filtering parameters will be listed on Payload tab.
columnsOrder	string	List of columns that should be added to the report. Possible values are: ID Date EventType Details RemoteHost Principal TenantName Writer WriterTenantName
sortColumnindex	int	Specifies the column that will be used to sort the records in the log.
sortOrder	bool	Specifies the order in which the records will be sorted: true will sort the records in descending order, false will sort the records in ascending order.
tenantId	int	Specifies the tenants for which records should be included into the event log. Possible values are: -1 – records for all available tenants will be included into the log. 0 – records for the default tenant will be included into the log. 1 and greater – records for the tenant with the specified ID only will be included into the log.

You can find the example of using this API in the script. Download the script here or use the script code provided below.

Note: The parameters in this script should be replaced with your server address and your own credentials.

PowerShell script

# parameters
$server = "https://<server address>"
$user = "<user name>"
$password = "<password>"
#path to folder where the log will be saved
$folder = "C:\Temp\Logs\Stage"
$reportFileName = "Tenant_SecurityEvents-{0:yyMMdd-HHmmss}.csv" -f (Get-Date)
# log parameters
$requestBody = @"
filter={
    "Name": "Filter",
    "GeneralOperator": "AND",
    "FilterItems": [
        {
            "PropertyKey": "Date",
            "PropertyOperator": "BETWEEN",
            "PropertyValues": [
                "2021-08-28",
                "00:00:00",
                "2023-09-28",
                "23:59:59"
            ]
        }
    ]
}
&columnsOrder=Id,Date,EventType,Details,RemoteHost,Principal,TenantName,Writer,WriterTenantName,
&sortColumnindex=1
&sortOrder=true
&tenantId=-1
"@
#------------------------------------------------------------------------------
$tenant = "" # Only default tenant
$methodUri = "/Tenant/GetSecurityEventsCSV"
$authServer = $server
$ServerSitePath = "/FlexiCapture12/Monitoring"
function Write-Line($str, $color = "White")
{
Write-Host $str -ForegroundColor $color
}
function Join-Uri
{
param([Parameter(Mandatory, ValueFromPipeline)] [string]$parent, [string]$child)
if ($parent -eq "") {return $child;}
if ($child -eq ""){return $parent}
if ($parent.endswith("/") -or $parent.endswith("\\")) {$parent = $parent.substring(0,$parent.Length-1)}
if ($child.startswith("/") -or $child.startswith("\\")) {$child = $child.substring(1,$child.Length-1)}
return "$parent/$child"
}
function Get-AuthTicket($server, $user, $password, $tenant)
{
$tenantSuffix=""
if ($tenant -ne ''){ $tenantSuffix = "?tenant=$tenant"}
$URL = Join-Uri $authServer "/FlexiCapture12/Server/FCAuth/API/Soap$tenantSuffix"
$SOAPRequest = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><FindUser xmlns="urn:http://www.abbyy.com/FlexiCapture"><userLogin>user</userLogin></FindUser></soap:Body></soap:Envelope>'
$Headers = @{
'SOAPAction' = '"#FindUser"'
'Content-Type' = 'text/xml; charset=utf-8'
'Authorization' = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("$($user):$($password)")))"}
try
{
$response1 = Invoke-WebRequest -Uri $URL -Headers $Headers -Body $SOAPRequest -Method 'POST'
return $response1.Headers['AuthTicket']
}
catch{
Write-Line -str "Couldn't get 'AuthTicket': $_" -color "Red"
return ""
}
}
function Download-CSVReport($server, $tenant, $authTicket, $methodUri, $requestBody, $folder, $reportFileName)
{
$reportFullFilePath = Join-Path $folder $reportFileName
#create folder silent (if not exist)
New-Item -ItemType Directory -Force -Path $folder | Out-Null
if ($authTicket -eq "" -or $authTicket -eq $null)
{
Write-Line -str "Couldn't get 'CSV-Report'" -color "Red"
}
else
{
$header = @{ "Accept" = "*/*"}
$session = [Microsoft.PowerShell.Commands.WebRequestSession]::new()
$session.Cookies.Add($server, [System.Net.Cookie]::new('FlexiCaptureTmpPrn', "Ticket=$authTicket"))
$tenantInUrl=""
if ($tenant -ne '') { $tenantInUrl = "/$tenant"}
$uri = Join-Uri $server $ServerSitePath | Join-Uri -child $tenantInUrl | Join-Uri -child $methodUri
try{
$response = Invoke-WebRequest -Uri $uri -Method 'POST' -Headers $header -WebSession $session -Body $requestBody -OutFile $reportFullFilePath -MaximumRedirection 0 -ErrorAction Ignore -PassThru
if ($response.StatusCode -lt 300)
{
Write-Line "CSV-Report done: $reportFullFilePath" "Green"
}
else
{
Write-Line -str "HttpStatus $($response.StatusCode) in getting CSV-Report." -color "Red"
}
}
catch{
Write-Line -str "Couldn't get CSV-Report: $_" -color "Red"
return ""
}
}
}
$authTicket = Get-AuthTicket -server $server -user $user -password $password -tenant $tenant
Download-CSVReport -server $server -tenant $tenant -authTicket $authTicket -methodUri $methodUri -requestBody $requestBody -folder $folder -reportFileName $reportFileName

12.04.2024 18:16:02

Please leave your feedback about this article

Name

E-mail

Comment

Your use of this site is conditioned on Your continued compliance with the Terms of Use.

Terms of Use

Disclaimer of Warranty

Limitation of Liability

Transmission and Submission of Information

Downloads

Use of Content

Trademarks

Links to Third-Party Sites

Foreign Legislation

Subscription Terms

Partner Subscription Terms

Security Event Log from System Monitor

Request parameters

PowerShell script

Please leave your feedback about this article