Automating Audit Trails Archive to Object Storage with Oracle Developer Cloud Service


Oracle Cloud provides out the box audit records that can be obtained by tools such the dashboard portal, the APIs like rest/go/java/phy and the CLI.

In this post we are explaining how to automate the archiving of the trails to an object storage bucket using the CLI inside DevCS, the CI/CD and DevOps tool provided for free by Oracle Cloud.

The script

Get the script from here. What it does is getting the audit records from the day before and puts in a file that is uploaded to object storage bucket at the end. As the number of records can be huge, the results are paginated.

Configuration

Create a bucket in object storage and grab the name for later. Select the storage tier depending on your needs, standard or archive.

Install jq

jq is utilised for json parsing

Mac

brew install jq

Linux

yum install jq

NOTE: jq comes otb in Oracle Linux image utilised by DevCS build templates

etc…

Test the script

Pass 2 arguments, compartmentid and bucketname, ignore the warnings.

MacBook-Pro:auditoser javiermugueta$ ./auditoser.sh 
 Wrong number of arguments passed!
 Usage:
       ./auditoser.sh compartmentid bucketname
 Example:
 ./auditoser.sh ocid1.compartment.oc1..aaaaaaaa3sz43qrfhsjmbibsrc6e7c2ftlt53gfnzifvlow2yoz7hk3ni2jq AUDIT
 MacBook-Pro:auditoser javiermugueta$ ./auditoser.sh ocid1.compartment.oc1..aaaaaaaa3sz43qrfhsjmbibsrc6e7c2ftlt53gfnzifvlow2yoz7hk3ni2jq AUDIT
 OCI Audit to Object Storage Archiver
 Initial audit date: 2019-11-29T00:00:00.000Z
 Final audit date: 2019-11-29T23:59:59.999Z
 WARNING: This operation supports pagination and not all resources were returned.  Re-run using the --all option to auto paginate and list all resources.
...

When all the records are retrieved, the file is zipped and uploaded to object storage:

Automating the job with DevCS

Create a build job with an OCIcli and a UNIX Shell steps as follows:

Put the following in the UNIX Shell step:

git clone https://github.com/javiermugueta/auditoser.git
cd auditoser
chmod 700 auditoser.sh
./auditoser.sh ${compartment} ${bucket}

Create a couple of parameters as follows:

Set up the schedule:

Test the job:

Inspect the output:

It seems is working fine! Let’s wait until finish…

That’s all folks, hope it helps! 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.