<#
.SYNOPSIS
Retrieves events from Okta, converts them to JSON Lines (.jsonl) format, and saves them to a local file
.DESCRIPTION
Useful for extracting events from Okta and storing them locally
.EXAMPLE
This command will start a job that collects events from a defined org, beginning at the given startDate.
The resulting events will be written into a per-day file, named after the published date of each event: OktaEvent_{oOrg}_{YYYY-MM-DD}.jsonl
powershell -file saveEventLogs.ps1 -oOrg <orgName> -startDate <YYYY-MM-DD>
.LINK
https://github.com/mbegan/Okta-Scripts
https://support.okta.com/help/community
http://developer.okta.com/docs/api/getting_started/design_principles.html
#>
Param
(
    # Okta org to collect events from (aliases: -org, -OktaOrg). When omitted it
    # takes the value of $oktaDefOrg, which this script does not define
    # (presumably supplied by the Okta module configuration - confirm).
    # The value is concatenated into the state and output file names, so pass a
    # plain org name without path separators.
    [Parameter(Mandatory = $false)]
    [Alias('org', 'OktaOrg')]
    [string] $oOrg = $oktaDefOrg,

    # First day to fetch, e.g. YYYY-MM-DD. It is replaced by the saved "until"
    # value when a .state_<org> file from an earlier run is found.
    [Parameter(Mandatory = $false)]
    [string] $startDate
)
#jsonlines
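# Resume support: the state file (.state_<org>, relative to the current
# location) holds one compact JSON object per line; the last line is the most
# recent checkpoint with the fields "until" and "after".
$statePath = ".state_" + $oOrg
$state = $null
if (Test-Path -Path $statePath)
{
    try
    {
        # @() forces an array. Without it a one-line state file comes back as a
        # single string, [-1] then yields only its last character, and the
        # checkpoint is silently ignored.
        $stateLines = @(Get-Content -Path $statePath -ErrorAction Continue)
        $state = ConvertFrom-Json -InputObject $stateLines[-1]
    }
    catch
    {
        # The file exists but its last line could not be read or parsed. Drop
        # any partial value so the run falls back to -startDate.
        $state = $null
        Write-Debug("Could not load state from " + $statePath + ": " + $_.Exception.Message)
    }
}
# A saved checkpoint takes precedence over the -startDate argument.
if ($state.until)
{
    $startDate = $state.until
}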
# Turn the start date into a date value and measure how far it lies in the
# past; $span is used further down to decide how many days to fetch.
# Any failure (for example an unparsable or empty start date) stops the script,
# re-thrown as the bare exception message.
try
{
    $now = Get-Date
    $startDate = Get-Date -Date $startDate
    $span = New-TimeSpan -Start $startDate -End $now
}
catch
{
    throw $_.Exception.Message
}
# Load the Okta module that provides oktaListEvents and stop if it is not
# available afterwards.
# NOTE(review): the module is looked up by name, so whichever "Okta" module is
# found first on the module path is the one that runs. This script passes no
# credentials itself, so the module presumably holds the API token; confirm it
# is loaded from a trusted location.
Import-Module Okta
if (-not (Get-Module -Name Okta))
{
    throw 'Okta module not loaded...'
}
# Appends one checkpoint line to the state file for the given org.
#   -after : id of the last event that was written out
#   -until : end of the time window that has just been processed
#   -oOrg  : org name; the file is .state_<oOrg> relative to the current location
# The line is a compact JSON object with the fields "until" and "after".
# The file is only ever appended to, so the newest checkpoint is its last line.
function writeState()
{
    param
    (
        $after,
        $until,
        $oOrg
    )
    $statePath = ".state_" + $oOrg
    $checkpoint = @{ until = $until; after = $after } | ConvertTo-Json -Compress
    Add-Content -Path $statePath -Value $checkpoint
}
# Remember the current $oktaVerbose so it can be put back at the end of the
# script, then switch it on only when verbose output was requested, that is
# when $VerbosePreference is anything other than SilentlyContinue.
$curVerbosity = $oktaVerbose
$oktaVerbose = ($VerbosePreference -ne [System.Management.Automation.ActionPreference]::SilentlyContinue)
# Number of whole days between the start date and now. A start date less than
# one full day in the past, or in the future, gives a value of 0 or below, and
# the fetch loop then does not run at all.
$daystofetch = [math]::Floor($span.TotalDays)
# Paging cursor handed to oktaListEvents: the event id saved by a previous run
# when there is one, otherwise $false.
$after = if ($state.after) { $state.after } else { $false }
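# Fetch the backlog one day at a time, oldest day first. Each event is appended
# to OktaEvent_<org>_<YYYY-MM-DD>.jsonl according to its published date, and a
# checkpoint is written after every completed day.
# Output and state files are created relative to the current location. Okta
# events typically identify users and client addresses, so run this from a
# directory with restricted access.
# NOTE(review): the checkpoint is written once per day, after all of that day's
# events have been appended. A run interrupted part-way through a day may write
# the same events again on the next run - verify against oktaListEvents paging.
# NOTE(review): Add-Content uses the host's default encoding; confirm that
# non-ASCII characters in events survive on the PowerShell version in use.
try
{
    while ($daystofetch -gt 0)
    {
        # One-day window that starts $daystofetch days before $now.
        $since = $now.AddDays(($daystofetch * -1))
        $until = $since.AddDays(1)
        Write-Verbose("fetch logs from " + $since + " to " + $until)
        $events = oktaListEvents -oOrg $oOrg -since $since -until $until -after $after -verbose
        foreach ($event in $events)
        {
            if ($event.published -is [DateTime])
            {
                $pubd = $event.published.ToString("o")
            } else {
                # The cast turns a missing value into an empty string instead of
                # failing on a null and reusing the previous event's date.
                $pubd = [string]$event.published
            }
            # The date part of the file name comes from the API response. Accept
            # it only when it really starts with YYYY-MM-DD, so a short or
            # malformed value can neither break Substring nor put unexpected
            # characters into the path.
            if ($pubd -match '^[0-9]{4}-[0-9]{2}-[0-9]{2}')
            {
                $day = $pubd.Substring(0,10)
            } else {
                $day = "undated"
                Write-Warning("event " + $event.eventId + " has no usable published date; writing it to the undated file")
            }
            $out = "OktaEvent_" + $oOrg + "_" + $day + ".jsonl"
            $line = ConvertTo-Json -InputObject $event -Depth 12 -Compress
            Add-Content -Value $line -Path $out
            # Remember the last event written; it becomes the paging cursor.
            $after = $event.eventId
        }
        writeState -after $after -until $until -oOrg $oOrg
        $daystofetch--
    }
}
finally
{
    # Put the saved verbosity back even when the loop stops with an error or is
    # interrupted.
    $oktaVerbose = $curVerbosity
}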