French (Français)

Security Event Log from Processing Monitor

This log contains records about events related to the addition, deletion, and other changes made to user permissions. The logging of security events is disabled by default. This feature can only be enabled by the system administrator directly in a FlexiCapture database. For detailed information about various events recorded in the log and how to enable it, please see the Security event log article in the Administration and Monitoring Console help.

Important !Only users with Tenant Administrator (or the System Administrator in the case of the default tenant) can download security event logs from Processing Monitor.

To download this log, use a POST request.

POST https://<server address>/FlexiCapture12/Monitoring/Project/GetSecurityEventsCSV

Request parameters

Remarque :

All parameters are required. Make sure that they are specified correctly.
The search in Oracle Database is case sensitive. Please, take it into account if you are using Oracle Database.

Name	Type	Description
filter	string	Sets the filter parameters. As a result, only logs that satisfy the filter conditions will be recorded. Only the AND and OR operators can be used to combine the conditions. Operators are specified in GeneralOperator parameter. Sample filter parameters: filter={ "GeneralOperator": "AND", "FilterItems": [ { "PropertyKey": "Date", "PropertyOperator": "BETWEEN", "PropertyValues": [ "2021-08-28", "00:00:00", "2023-09-28", "23:59:59" ] } ] } You can find necessary values for PropertyKey and PropertyOperator parameters by creating desired filter in Administration and Monitoring Console. To do this: In browser menu click More tools -> Developer tools and go to the Network tab. Launch the Administration and Monitoring Console, go to Processing Monitor → Security event log, and click the button. Specify filtering criteria and click Apply. Click on GetFilteredSecurityEvent request. Filtering parameters will be listed on Payload tab.
columnsOrder	string	List of columns that should be added to the report. Possible values are: ID Date EventType Details RemoteHost Principal TenantName Writer WriterTenantName
sortColumnindex	int	Specifies the column that will be used to sort the records in the log.
sortOrder	bool	Specifies the order in which the records will be sorted: true will sort the records in descending order, false will sort the records in ascending order.

You can find the example of using this API in the script. Download the script here or use the script code provided below.

Remarque : The parameters in this script should be replaced with your server address, tenant name, and your own credentials.

PowerShell script

# parameters
$server = "https://<server address>"
$tenant = "<tenant name>"
$user = "<user name>"
$password = "<password>"
#path to folder where the log will be saved
$folder = "C:\Temp\Logs\Stage"
$reportFileName = "Project_SecurityEvents-{0:yyMMdd-HHmmss}.csv" -f (Get-Date)
# log parameters
$requestBody = @"
filter={
    "Name": "Filter By Date",
    "GeneralOperator": "AND",
    "FilterItems": [
        {
            "PropertyKey": "Date",
            "PropertyOperator": "BETWEEN",
            "PropertyValues": [
                "2021-08-28",
                "00:00:00",
                "2023-09-28",
                "23:59:59"
            ]
        }
    ]
}
&columnsOrder=Id,Date,EventType,Details,RemoteHost,Principal,TenantName,Writer,WriterTenantName,
&sortColumnindex=1
&sortOrder=true
"@
#------------------------------------------------------------------------------
$methodUri = "/Project/GetSecurityEventsCSV"
$authServer = $server
$ServerSitePath = "/FlexiCapture12/Monitoring"
function Write-Line($str, $color = "White")
{
Write-Host $str -ForegroundColor $color
}
function Join-Uri
{
param([Parameter(Mandatory, ValueFromPipeline)] [string]$parent, [string]$child)
if ($parent -eq "") {return $child;}
if ($child -eq ""){return $parent}
if ($parent.endswith("/") -or $parent.endswith("\\")) {$parent = $parent.substring(0,$parent.Length-1)}
if ($child.startswith("/") -or $child.startswith("\\")) {$child = $child.substring(1,$child.Length-1)}
return "$parent/$child"
}
function Get-AuthTicket($server, $user, $password, $tenant)
{
$tenantSuffix=""
if ($tenant -ne ''){ $tenantSuffix = "?tenant=$tenant"}
$URL = Join-Uri $authServer "/FlexiCapture12/Server/FCAuth/API/Soap$tenantSuffix"
$SOAPRequest = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><FindUser xmlns="urn:http://www.abbyy.com/FlexiCapture"><userLogin>user</userLogin></FindUser></soap:Body></soap:Envelope>'
$Headers = @{
'SOAPAction' = '"#FindUser"'
'Content-Type' = 'text/xml; charset=utf-8'
'Authorization' = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("$($user):$($password)")))"}
try
{
$response1 = Invoke-WebRequest -Uri $URL -Headers $Headers -Body $SOAPRequest -Method 'POST'
return $response1.Headers['AuthTicket']
}
catch{
Write-Line -str "Couldn't get 'AuthTicket': $_" -color "Red"
return ""
}
}
function Download-CSVReport($server, $tenant, $authTicket, $methodUri, $requestBody, $folder, $reportFileName)
{
$reportFullFilePath = Join-Path $folder $reportFileName
#create folder silent (if not exist)
New-Item -ItemType Directory -Force -Path $folder | Out-Null
if ($authTicket -eq "" -or $authTicket -eq $null)
{
Write-Line -str "Couldn't get 'CSV-Report'" -color "Red"
}
else
{
$header = @{ "Accept" = "*/*"}
$session = [Microsoft.PowerShell.Commands.WebRequestSession]::new()
$session.Cookies.Add($server, [System.Net.Cookie]::new("FlexiCaptureTmpPrn$tenant", "Ticket=$authTicket"))
$tenantInUrl=""
if ($tenant -ne '') { $tenantInUrl = "/$tenant"}
$uri = Join-Uri $server $ServerSitePath | Join-Uri -child $tenantInUrl | Join-Uri -child $methodUri
try{
$response = Invoke-WebRequest -Uri $uri -Method 'POST' -Headers $header -WebSession $session -Body $requestBody -OutFile $reportFullFilePath -MaximumRedirection 0 -ErrorAction Ignore -PassThru
if ($response.StatusCode -lt 300)
{
Write-Line "CSV-Report done: $reportFullFilePath" "Green"
}
else
{
Write-Line -str "HttpStatus $($response.StatusCode) in getting CSV-Report." -color "Red"
}
}
catch{
Write-Line -str "Couldn't get CSV-Report: $_" -color "Red"
return ""
}
}
}
$authTicket = Get-AuthTicket -server $server -user $user -password $password -tenant $tenant
Download-CSVReport -server $server -tenant $tenant -authTicket $authTicket -methodUri $methodUri -requestBody $requestBody -folder $folder -reportFileName $reportFileName

4/12/2024 6:16:03 PM

Please leave your feedback about this article

Name

E-mail

Comment

Your use of this site is conditioned on Your continued compliance with the Terms of Use.

Terms of Use

Disclaimer of Warranty

Limitation of Liability

Transmission and Submission of Information

Downloads

Use of Content

Trademarks

Links to Third-Party Sites

Foreign Legislation

Subscription Terms

Partner Subscription Terms

Security Event Log from Processing Monitor

Request parameters

PowerShell script

Please leave your feedback about this article