SIMPLE SCRIPT TO ARCHIVE OCI AUDIT RECORDS TO OBJECT STORAGE

IT by javier mugueta

Update oct 2021: added recursive logic over compartments hierarchy

Oracle Cloud provides out the box audit records that can be obtained by tools such the dashboard portal, the APIs like rest/go/java/phy and the CLI.

In this post we are explaining how to automate the archiving of the trails to an object storage bucket using the CLI inside DevCS, the CI/CD and DevOps tool provided for free by Oracle Cloud.

The script

Get the script from here. What it does is getting the audit records from the day before and puts in a file that is uploaded to object storage bucket at the end. As the number of records can be huge, the results are paginated.

Configuration

Create a bucket in object storage and grab the name for later. Select the storage tier depending on your needs, standard or archive.

Install jq

jq is utilised for json parsing

Mac

brew install jq

Linux

yum install jq

NOTE: jq comes otb in Oracle Linux image utilised by DevCS build templates

etc…

Test the script

Pass 2 arguments, compartmentid and bucketname, ignore the warnings.

MacBook-Pro:auditoser javiermugueta$ ./auditoser.sh 
 Wrong number of arguments passed!
 Usage:
       ./auditoser.sh compartmentid bucketname
 Example:
 ./auditoser.sh ocid1.compartment.oc1..aaaaaaaa3sz43qrfhsjmbibsrc6e7c2ftlt53gfnzifvlow2yoz7hk3ni2jq AUDIT
 MacBook-Pro:auditoser javiermugueta$ ./auditoser.sh ocid1.compartment.oc1..aaaaaaaa3sz43qrfhsjmbibsrc6e7c2ftlt53gfnzifvlow2yoz7hk3ni2jq AUDIT
 OCI Audit to Object Storage Archiver
 Initial audit date: 2019-11-29T00:00:00.000Z
 Final audit date: 2019-11-29T23:59:59.999Z
 WARNING: This operation supports pagination and not all resources were returned.  Re-run using the --all option to auto paginate and list all resources.
...

When all the records are retrieved, the file is zipped and uploaded to object storage:

Automating the job with DevCS

Create a build job with an OCIcli and a UNIX Shell steps as follows:

Put the following in the UNIX Shell step:

git clone https://github.com/javiermugueta/auditoser.git
cd auditoser
chmod 700 auditoser.sh
./auditoser.sh ${compartment} ${bucket}

Create a couple of parameters as follows:

Set up the schedule:

Test the job:

Inspect the output:

It seems is working fine! Let’s wait until finish…

That’s all folks, hope it helps! 🙂

4 Comments

  3. Srinath
    Reply

    Thanks for this article. I’m relatively new to OCI and I didn’t quite follow the DevCS steps for scheduling the job. Can you please elaborate the tool used for that? Is that part of OCI services?

    Like

    1. javier mugueta
      Reply

      Hi, DevCS is a CI/CD cloud service included in OCI. Currently Oracle is creating a brand new devops service. Anyway, you can automate the job from whatever ci/cd solution like Jenkins, bamboo, cron jobs and the like. The intention of the post was just use DevCS because is offered for free.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.