Achieve Old Audit Data
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <Rule language="beanshell" name="VIS Archive AuditEvent Rule"> <Source> import java.util.List; import java.util.ArrayList; import java.util.Iterator; import java.lang.Object; import java.lang.Thread; import java.util.Date; import java.io.File; import java.util.Calendar; import java.io.PrintWriter; import java.io.StringWriter; import sailpoint.object.Identity; import sailpoint.api.Terminator; import sailpoint.tools.Util; import sailpoint.object.Application; import sailpoint.object.Attributes; import sailpoint.object.AuditEvent; import sailpoint.server.Auditor; import sailpoint.tools.GeneralException; import sailpoint.object.*; import sailpoint.tools.Message; import sailpoint.object.Link; import sailpoint.task.TaskMonitor; import sailpoint.task.TaskManager; import sailpoint.object.MessageTemplate; import sailpoint.tools.Message.Type; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.Types; import java.sql.ResultSet; Log log = LogFactory.getLog("vis.rule.archiveAuditEvent"); taskResult.setProgress("Starting Rule Archive Audit Event..."); context.saveObject(taskResult); context.commitTransaction(); public static String StackTraceAsString(Exception exception) { StringWriter sw = new StringWriter(); PrintWriter pw = new PrintWriter(sw); exception.printStackTrace(pw); return "\n" + sw.toString(); // stack trace as a string } public static Date generateDate(int daysToSet) { Calendar cal = Calendar.getInstance(); //if value is not 0 then we will leave the expiration date to the date this method is called. cal.setTime(new Date()); if (daysToSet != 0) { cal.add(Calendar.DAY_OF_YEAR, daysToSet); } return (cal.getTime()); } public static void doArchive(AuditEvent paramAuditEvent,Connection conn){ String str = paramAuditEvent.toXml(); PreparedStatement preparedStatement =null; try{ preparedStatement = conn.prepareStatement(INSERT_SQL); preparedStatement.setLong(1, Long.valueOf(new Date().getTime())); preparedStatement.setString(2, paramAuditEvent.getId()); preparedStatement.setLong(3, Long.valueOf(paramAuditEvent.getCreated().getTime())); if( null != paramAuditEvent.getModified()){ preparedStatement.setLong(4, Long.valueOf(paramAuditEvent.getModified().getTime()) ); }else{ preparedStatement.setNull(4,Types.NUMERIC); } if(null != paramAuditEvent.getOwner()){ preparedStatement.setString(5, paramAuditEvent.getOwner().toString()); }else{ preparedStatement.setString(5, null); } if(null != paramAuditEvent.getAssignedScope()){ preparedStatement.setString(6, paramAuditEvent.getAssignedScope().toString()); }else{ preparedStatement.setString(6, null); } preparedStatement.setString(7, paramAuditEvent.getAssignedScopePath()); preparedStatement.setString(8, paramAuditEvent.getInterface()); preparedStatement.setString(9, paramAuditEvent.getSource()); preparedStatement.setString(10, paramAuditEvent.getAction()); preparedStatement.setString(11, paramAuditEvent.getTarget()); preparedStatement.setString(12, paramAuditEvent.getApplication()); preparedStatement.setString(13, paramAuditEvent.getAccountName()); preparedStatement.setString(14, paramAuditEvent.getInstance()); preparedStatement.setString(15, paramAuditEvent.getAttributeName()); preparedStatement.setString(16, paramAuditEvent.getAttributeValue()); preparedStatement.setString(17, paramAuditEvent.getTrackingId()); if(null != paramAuditEvent.getAttributes()){ preparedStatement.setString(18, paramAuditEvent.getAttributes().toString()); }else{ preparedStatement.setString(18, null); } preparedStatement.setString(19, paramAuditEvent.getString1()); preparedStatement.setString(20, paramAuditEvent.getString2()); preparedStatement.setString(21, paramAuditEvent.getString3()); preparedStatement.setString(22, paramAuditEvent.getString4()); preparedStatement.setString(23, str.substring(str.indexOf("AuditEvent"))); preparedStatement.executeUpdate(); }catch (Exception e){ log.debug("Exception in doArchive method during audit event table archive"+e); }finally{ if( null != preparedStatement){ preparedStatement.close(); } } } public static boolean isAuditArchived(String paramString,Connection conn){ // log.debug("Enter into method isAuditArchived: Audit Event ObjectID: " + paramString); PreparedStatement localPreparedStatement =null; ResultSet localResultSet =null; boolean result = false; try{ String str = "SELECT * FROM idc_auditevent_archive where id = ?"; localPreparedStatement= conn.prepareStatement(str); localPreparedStatement.setString(1, paramString); localResultSet = localPreparedStatement.executeQuery(); while (localResultSet.next()) { result = true; } }catch(Exception e){ log.debug("Exception in isAuditArchived method "+e); result = true; }finally{ if(null != localResultSet){ localResultSet.close(); } if(null != localPreparedStatement){ localPreparedStatement.close(); } } return result; } //Create custom table similar to SPT_AUDIT_EVENT public static String INSERT_SQL = "INSERT INTO sp_auditevent_archive (archived, id, created, modified, owner, assigned_scope, assigned_scope_path,interface, source,action,target,application,account_name,instance,attribute_name, attribute_value, tracking_id, attributes,string1,string2,string3,string4,rawdata) VALUES (?, ?,?, ?, ?,?, ?,?, ?, ?,?, ?,?, ?, ?,?, ?,?, ?, ?, ?, ?, ?)"; String summaryMessage = ""; String status = "Completed"; int completionCount = 0; String endDay=config.get("ENDDAY"); String startDay=config.get("STARTDAY"); log.debug("Fetching the parameters STARTDAY" + startDay ); log.debug("Fetching the parameters ENDDAY" + endDay ); QueryOptions qo = new QueryOptions(); // int endDaysInPast = (-128); // int startDaysInPast=(-130); int endDaysInPast = Integer.parseInt(endDay); int startDaysInPast = Integer.parseInt(startDay); Connection conn=context.getConnection(); List filters = new ArrayList(); filters.add(Filter.ge("created", generateDate( startDaysInPast ))); filters.add(Filter.le("created", generateDate( endDaysInPast ))); Filter f=Filter.and(filters); qo.addFilter( f ); qo.setDistinct(true); int count = context.countObjects(AuditEvent.class, qo); log.debug("Found: " + count + " audit events that match filter!"); taskResult.setProgress("Found: " + count + " that match filter to archive!"); context.saveObject(taskResult); context.commitTransaction(); String allowUpdateStr = Util.otos(config.get("AllowRemoval")); boolean allowUpdateB = false; if (null == allowUpdateStr) { taskResult.addMessage(sailpoint.tools.Message.error(("AllowRemoval variable is required. Please provide either true or false!"), null)); taskResult.setCompletionStatus(TaskResult.CompletionStatus.Error); summaryMessage = "FAILED, AllowRemoval variable is required. Please provide either true or false!"; status = "Error"; } else { allowUpdateB = Util.otob(allowUpdateStr); try{ Iterator iterator = context.search(AuditEvent.class, qo); taskResult.setProgress("Allowing removal: " + allowUpdateB); context.saveObject(taskResult); context.commitTransaction(); StringBuilder sb = new StringBuilder(); while( iterator.hasNext() ){ AuditEvent auditEvent = (AuditEvent)iterator.next(); String details = auditEvent.getId(); if(allowUpdateB &&!isAuditArchived(details,conn)){ doArchive(auditEvent,conn); Terminator terminator = new Terminator(context); terminator.deleteObject(auditEvent); completionCount++; }else{ log.debug("Aleady archive Audit Event ID" + details ); continue; } if( sb.length() > 0 ){ sb.append(", "); } } Util.flushIterator(iterator); taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success); taskResult.setAttribute("_objectsUpdated", sb.toString() ); summaryMessage = "Successfully Deleted [ " + completionCount + " ] AuditEvents"; status = "Success"; } catch (Exception e){ taskResult.setCompletionStatus(TaskResult.CompletionStatus.Error); taskResult.addMessage(sailpoint.tools.Message.error( ("Error Message: " + e.getMessage() + " stackTrace: " + StackTraceAsString(e)), null)); summaryMessage = "Error Message: " + e.getMessage() + " stackTrace: " + StackTraceAsString(e); status = "Error"; log.debug("Exception in auditevent archive rule"+e); }finally{ conn.close(); } } taskResult.setAttribute("_totalObjectsUpdated", Util.otos(completionCount)); taskResult.setAttribute("_allowUpdate", Util.otos(allowUpdateB)); taskResult.setAttribute("_summary", summaryMessage); log.debug("Completed Deleting [ " + completionCount + " ] AuditEvents"); return(status); </Source> </Rule>