#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: 2020-01-02 16:19:20 +0000 (Thu, 02 Jan 2020)
#
# https://github.com/harisekhon/bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/harisekhon
#

# Script to fetch Cloudera Navigator Audit logs via API
#
# See cloudera_navigator_api.sh for base options like Navigator Host, SSL etc
#
# From 1 year ago to Now (this is literally today minus 1 year right down to the second)
#
# ./cloudera_navigator_audit.sh "1 year ago" <query_filter> <curl_options> ...


# See the inline documentation for Cloudera Navigator Query filters
#
# https://$CLOUDERA_NAVIGATOR_HOST:7187/api-console/index.html#!/audits/getAudits
#
# https://$CLOUDERA_NAVIGATOR_HOST:7187/api-console/tutorial.html

# Examples:
#
# From Start to Now:
#
# ./cloudera_navigator_audit.sh "2019-01-01T00:00:00" <query> ...
#
#
# From Start to End Dates:
#
# ./cloudera_navigator_audit.sh "2019-01-01T00:00:00" "2020-01-01T00:00:00" <query> ...
#
#
# Implicit 1 year ago to now for just the Impala service, ignoring the self-signed certificate
# (-k turns off TLS certificate verification, so the Navigator host is not authenticated -
# where possible pass the CA certificate with --cacert instead):
#
# ./cloudera_navigator_audit.sh service==impala -k
#
#
# combine with jq commands to extract the info you want from the json output
#
# ./cloudera_navigator_audit.sh impala | jq -r '.queries[].statement'

# Tested on Cloudera Enterprise 5.10

# Strict mode: stop on any unhandled failure, unset variable or failed pipeline stage
set -euo pipefail

# A non-empty DEBUG turns on command tracing. The trace prints every expanded
# command line to stderr, which includes the curl options passed through to the
# API call (and any credentials given as arguments) - avoid enabling it where
# stderr is logged or shared.
if [ -n "${DEBUG:-}" ]; then
    set -x
fi

# Absolute directory of this script, used to find the libraries and the API wrapper
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# shellcheck source=lib/utils.sh
source "$srcdir/lib/utils.sh"

# shellcheck source=lib/cloudera_navigator.sh
source "$srcdir/lib/cloudera_navigator.sh"

# The -d switch used below needs Linux's date, so on Mac gdate is called instead
# (is_mac is not defined in this script - presumably it comes from the sourced lib)
date="date"
if is_mac; then
    date="gdate"
fi

# Optional leading positional arguments: start time, then end time.
# An argument is taken as a time only if it begins with a digit; anything else
# (a query filter or a curl option) is left in place for the parsing further down.
# Because accepted values begin with a digit they can never begin with '-', so
# they cannot be read as an option when handed to date -d later.
start=""
end=""

case "${1:-}" in
    [[:digit:]]*)
        start="$1"
        shift
        ;;
esac

case "${1:-}" in
    [[:digit:]]*)
        end="$1"
        shift
        ;;
esac

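# Default the start of the window when no start time was given
if [ -z "$start" ]; then
    start="1 year ago"
fi
# startTime / endTime are sent as epoch milliseconds: date prints seconds (%s)
# and the literal 000 in the format pads that to milliseconds
start_epoch_ms="$("$date" -d "$start" +%s000)"

# now_timestamp is defined in lib
# NOTE(review): the %000 stripping below only yields seconds if now_timestamp
# ends in 000 like the values built here - confirm against the lib
# shellcheck disable=SC2154
if [ -z "$end" ]; then
    end_epoch_ms="$now_timestamp"
else
    end_epoch_ms="$("$date" -d "$end" +%s000)"
fi

# Convert back to readable dates for the progress message: strip the trailing 000
# to get seconds and let date parse it as @epoch. $date is quoted here the same
# way as in the calls above.
start_date="$("$date" -d "@${start_epoch_ms%000}")"
end_date="$("$date" -d "@${end_epoch_ms%000}")"

# Progress goes to stderr so stdout stays clean JSON for piping into jq
echo "fetching audit logs from '$start_date' to '$end_date'" >&2
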
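# Optional query filter: the next argument, unless it starts with '-' (a curl option).
# The value is later placed into the request URL exactly as given.
#
# Only consume an argument when one exists: shift with no arguments left returns
# non-zero, and under set -e that ends the script silently before any request is made.
query=""
if [ $# -gt 0 ] && ! [[ "$1" =~ ^- ]]; then
    query="$1"
    shift
fi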
# limit and offset can be overridden from the environment, but they only apply to
# the paged form of the request kept below for reference - the active request
# does not send them
limit="${limit:-10000}" # max limit
offset="${offset:-0}"

# Paged form (limit=100&offset=0 style, format=JSON is default):
#"$srcdir/cloudera_navigator_api.sh" "/audits/?query=${query}&startTime=${start_epoch_ms}&endTime=${end_epoch_ms}&limit=$limit&offset=$offset" "$@"

# Don't page through this, dump as a whole attachment: attachment=true ignores
# the default 10,000 limit and returns all results, which is what we want.
#
# The query filter goes into the URL exactly as given, with no URL encoding, so a
# filter containing & or # alters the request itself rather than the filter -
# encode such characters before passing the filter in.
# All remaining arguments are handed to the API wrapper as curl options.
audits_path="/audits/?query=${query}&startTime=${start_epoch_ms}&endTime=${end_epoch_ms}&attachment=true"
"$srcdir/cloudera_navigator_api.sh" "$audits_path" "$@"