Skip to Main Content
1 VOTE
Categories Security
Created by Travis Patenaude
Created on Feb 22, 2024

Ability to export audit logs to syslog server

This really would be for all RMS actions. But instead of storing in the database, we could keep only a few days here and then ship them all off to our syslog server for future discovery. I'm thinking about utilizing Recast Builder more for admin type powershell scripts and would be helpful to log this so I know who is running what where from a security perspective.

Product Recast Management Server
  • Attach files
  • Admin
    Garth Jones
    Reply
    |
    Feb 23, 2024

    Have you looked at the RMS API to move results to your syslog?

    Here is a simple PowerShell script, that I whipped up. Watch out all line wrapping.


    $inputs = @(@{ StartDate = (Get-Date).adddays(-30) EndDate = Get-Date})


    $inputs$json = $inputs | ConvertTo-Json$response = Invoke-RestMethod -Method Post -Uri https://rms-rcte.dev.recastsoftware.com:443/api/Administration/GetExecutionHistory -Body $json -UseDefaultCredentials

    $response.Result.Result