Blade ZipKit - Parse Security Event Log for Past 24 Hours via BSA

Version 2

    Blade ZipKit Package Info

    Name: Parse Security Event Log for Past 24 Hours via BSA

    Type: BLPackage, NSH Script, Component Template

    BSA Compatible Version: 8.3.x

    Created by: Naveen Anne


    This zip kit contains a batch job 00_Parse Security Logs which includes the following member jobs:


    1. 01_Get Servers - This job reads an input file in CSV format, gets the list of server names from it, and adds these servers as targets to member job #2, i.e. the Log Parser File Deploy Job.

    PREREQUISITES FOR JOB#1: The input file must have server names in column 1.

    2. 02_Parse Security Logs - This job does the following: a) Deploys the "LogParser.exe" executable file to each target. b) Runs LogParser on the target to obtain the security event log for the past 24 hours. c) Writes the output of LogParser to a CSV-formatted file.

    PREREQUISITES FOR JOB#2: The source location for LogParser.exe is set to //<host>/C/Temp/pro. The destination location to deploy LogParser.exe is set to /C/Temp. Change these locations accordingly.

    3. 03_Get Security Logs - This job copies the CSV-formatted output file produced by LogParser from each target server to a central location.

    PREREQUISITES FOR JOB#3: The location to copy all CSV files to is set to /c/Temp/pro/csvs, as this was tested on a Windows server. Change the location accordingly if the application server is a Linux-flavored server.

    4. 04_Consolidate Security Logs - The purpose of this last member job is to read each CSV file copied from the targets in member job #3 and create a single CSV-formatted output file. This job uses a Perl script to take advantage of faster file reads and better string manipulation features.


    a) The Perl script assumes that all CSV files are present in the 'C:\Temp\pro\csvs' directory. If you copied the CSV files to a different directory by changing the location in job #3, please modify line #2 in the Perl script.

    b) The final output file is written to 'C:\Temp\pro'. If the location is different in your environment, please modify line #8 in the Perl script accordingly.

    c) Perl must be installed on the server on which this job is executed.
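
The consolidation step in job #4, sketched as an added example. This is not the package's Perl script: it is written in Python, and the function names, the SourceFile column, the sample column names and the formula-neutralising option are all assumptions made for illustration. It keeps one header, records which per-server file each row came from, skips empty or mismatched files instead of silently merging them, and prefixes cells that a spreadsheet would evaluate as formulas, since event messages can carry attacker-supplied text.

```python
import csv
import tempfile
from pathlib import Path

FORMULA_PREFIXES = ("=", "+", "-", "@")  # cells a spreadsheet would evaluate

def consolidate(csv_dir, out_path, neutralise_formulas=True):
    """Merge every *.csv in csv_dir into out_path.

    Returns (rows_written, skipped_file_names).
    """
    out_path = Path(out_path).resolve()
    rows, skipped, header = 0, [], None
    with open(out_path, "w", newline="", encoding="utf-8") as out:
        writer = csv.writer(out)
        for path in sorted(Path(csv_dir).glob("*.csv")):
            if path.resolve() == out_path:
                continue  # never read our own output back in
            with open(path, newline="", encoding="utf-8-sig") as fh:
                reader = csv.reader(fh)
                file_header = next(reader, None)
                if header is None and file_header:
                    header = file_header  # first usable file defines the columns
                    writer.writerow(["SourceFile"] + header)
                if not file_header or file_header != header:
                    skipped.append(path.name)  # empty file or different columns
                    continue
                for row in reader:
                    if not row:
                        continue
                    if neutralise_formulas:
                        row = ["'" + c if c.startswith(FORMULA_PREFIXES) else c for c in row]
                    writer.writerow([path.name] + row)
                    rows += 1
    return rows, skipped

def demo():
    """Run consolidate() over constructed sample files; returns (rows, skipped, text)."""
    with tempfile.TemporaryDirectory() as tmp:
        csvs = Path(tmp, "csvs")
        csvs.mkdir()
        head = "TimeGenerated,EventID,Message\n"  # constructed columns, not LogParser's full set
        (csvs / "srv01.csv").write_text(head + "2024-01-01 10:00:00,4625,=1+1 logon failed\n")
        (csvs / "srv02.csv").write_text(head + "2024-01-01 11:00:00,4624,Logon ok\n")
        (csvs / "srv03.csv").write_text("")  # target that produced no output
        (csvs / "srv04.csv").write_text("EventID,Message\n1102,Log cleared\n")
        out = Path(tmp, "all_security.csv")
        rows, skipped = consolidate(csvs, out)
        return rows, skipped, out.read_text(encoding="utf-8")
```

The list of skipped files is worth reviewing after each run: a target whose CSV is empty or has different columns is a server whose security log was not actually collected.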


    Instructions for importing the package:

    1. Download the attached zip file
    2. Extract the content to a location accessible by the BSA Console
    3. From the BSA Console, select Depot, right-click and select Import
    4. Browse to the location of the un-zipped folder
    5. Check the box for "Automatically map or create export group"
    6. Click Next twice
    7. Select a location where to place this new package in BSA (default will keep structure of the package as it was exported)
    8. Click Finish



    *Note: This is a community supported package.