Reporting and Data Extraction

Endpoint Privilege Management for Unix and Linux provides the ability to extract keyword data from the event log. This data can be displayed or used by other programs (database import programs, spreadsheets, and report writers, for example).

Use the pblog -c option to select the events you need, add -a to print only the fields you want, and pipe the result through the usual Unix/Linux text tools (grep, awk, sed) or redirect it to a file. pblog reads the event log, so it must be run as root. Here is a shell script that formats pblog output as two short reports:

#!/usr/bin/sh
# NOTE: only root can run pblog
# -c selects events by a policy-language condition; -a prints an
# expression built from event-log variables instead of the default layout.
echo " "
echo " "
echo " "
echo "Report: Successful Root-Level Events "
echo "------------------------------------ "
echo " "
echo " "
echo "Submitted from: User Command"
# event=="Accept" matches every accepted request, whatever user it ran as;
# to restrict the report to root, add && runuser=="root" to the condition.
pblog -c 'event=="Accept"' -a 'submithost + " " + user + " " + runcommand'
echo " "
echo " "
echo " "
echo "Report: Unsuccessful Attempts "
echo "----------------------------- "
echo " "
echo " "
# No -a here, so each rejected event is printed in pblog's default layout.
pblog -c 'event=="Reject"'

A sample report:

Report: Successful Root-Level Events
------------------------------------
Submitted from: User Command
sparky.company.com chris kill
sparky.company.com chris csh
sparky.company.com chris csh

Report: Unsuccessful Attempts
-----------------------------
Reject 1999/07/31 10:40:50 chris@sparky.company.com
kill -9 396
Reject 1999/07/31 10:44:10 chris@sparky.company.com
mount /dev/rmt0l /mnt

Without -a, pblog prints each event in its default layout: a line giving the event type, date, time and user@submithost, followed by the command on the next line. With -a, only the expression you supply is printed, one line per event, which is the form to use when the output feeds another program.
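The two-line default layout in the sample above is awkward for the database import or spreadsheet use this section mentions. The script below is an added example, not part of the product documentation or of the report script above: it flattens default Reject output into one tab-separated record per event and counts rejections per submitting user. It assumes the layout exactly as in the sample (a "Reject date time user@submithost" header line, then the command on the following line) and feeds itself a constructed sample in place of a real `pblog -c 'event=="Reject"'` run, which would need root.

```sh
#!/bin/sh
# Added example (not from the product documentation): post-process the
# default pblog Reject output shown on this page with awk and sort.
# Assumes the two-line layout: "Reject date time user@submithost" then
# the command on the next line.

# Constructed sample standing in for: pblog -c 'event=="Reject"'
# (not a real event log).
sample_rejects() {
cat <<'EOF'
Reject 1999/07/31 10:40:50 chris@sparky.company.com
kill -9 396
Reject 1999/07/31 10:44:10 chris@sparky.company.com
mount /dev/rmt0l /mnt
Reject 1999/07/31 11:02:33 pat@buddy.company.com
csh
EOF
}

# Flattens the two-line layout into one record per event:
# user<TAB>submithost<TAB>date<TAB>time<TAB>command, ready for import.
flatten_rejects() {
    awk '
        $1 == "Reject" {
            split($4, who, "@")
            user = who[1]; host = who[2]; dt = $2; tm = $3
            cmd = ""
            getline cmd          # the command is on the following line
            printf "%s\t%s\t%s\t%s\t%s\n", user, host, dt, tm, cmd
        }
    '
}

# Counts Reject events per "user submithost", highest count first.
# Command lines are skipped because only header lines start with Reject.
summarize_rejects() {
    awk '
        $1 == "Reject" {
            split($4, who, "@")
            count[who[1] " " who[2]]++
            next
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1
}

# Total number of Reject events (header lines only).
count_rejects() {
    awk '$1 == "Reject" { n++ } END { print n + 0 }'
}

# Stand-alone usage; on a real system replace sample_rejects with
#   pblog -c 'event=="Reject"'   (run as root)
sample_rejects | flatten_rejects
sample_rejects | summarize_rejects
sample_rejects | count_rejects
```

The parser relies on the first word of a header line being "Reject", so a rejected command whose first word is itself "Reject" would be miscounted. When the output is destined for another program, the safer route is to let pblog do the flattening with -a and a delimiter that cannot occur in the fields, for example `-a 'user + "|" + submithost + "|" + runcommand'`, so that every event arrives as exactly one line.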