이 섹션의 PowerShell 및 Bash 쉘 스크립트를 사용하여 EPM Automate 명령을 통해 수동 데이터베이스 액세스에 대한 감사 및 준수 데이터를 수집할 수 있습니다.
이 스크립트를 사용하여 다음 태스크를 완료할 수 있습니다.
./reports/dataAccessAuditReport.txt 생성. 보고서에는 데이터베이스 액세스 시간 및 실행된 SQL 명령이 나열됩니다. 최신 정보를 맨위에 표시하는 누적 파일입니다. 제공되는 정보는 다음과 같습니다.
활동 보고서에 수동 데이터베이스 액세스가 보고되지 않은 경우, No SQL statements executed가 보고서에 표시됩니다.
데이터 액세스 감사 및 준수를 자동화하려면 다음을 수행합니다.
parseActivityReport.ps1(Windows의 경우 PowerShell 스크립트(parseActivityReport.ps1) 참조) 또는 parseActivityReport.sh(Linux/UNIX의 경우 Bash 쉘 스크립트(parseActivityReport.sh) 참조)로 지정합니다.parseActivityReport.bat라는 뱃치 파일을 생성합니다. parseActivityReport.ps1이 저장된 디렉토리에 파일을 저장합니다.
@echo off set paramRequiredMessage=Syntax: parseActivityReport.bat USERNAME PASSWORD/PASSWORD_FILE URL [REPORT_EMAIL_TO_ADDRESS] if "%~1" == "" ( echo User Name is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~2" == "" ( echo Password or Password_File is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~3" == "" ( echo URL is missing. echo %paramRequiredMessage% exit /b 1 ) PowerShell.exe -File parseActivityReport.ps1 %*
parseActivityReport.bat(Windows) 또는 parseActivityReport.sh(Linux/UNIX 참조)를 수정하여 다음 테이블에 있는 매개변수 값을 설정합니다.
표 3-10 스크립트에 포함할 변수 값
| 변수 | 설명 |
|---|---|
epmuser |
서비스 관리자의 사용자 이름
예: Windows: Linux/UNIX: |
epmpassword |
서비스 관리자의 비밀번호 또는 암호화된 비밀번호 파일의 위치. 암호화된 비밀번호 파일을 생성하는 방법에 대한 자세한 내용은 encrypt 명령을 참조하십시오.
비밀번호에 특수 문자가 포함된 경우 특수 문자 처리를 참조하십시오. 예: Windows: Linux/UNIX: |
epmurl |
Oracle Enterprise Performance Management Cloud 환경의 URL입니다.
예: Windows: Linux/UNIX: |
report_email_to_address |
선택사항으로, 보고서를 보낼 전자메일 주소입니다. 이 값이 지정된 경우에만 보고서를 전자메일로 보냅니다.
예: |
parseActivityReport.sh만 해당: 다음 값이 시스템에 맞게 설정되었는지 확인합니다.
JAVA_HOMEepmautomatescript.sh 위치(epmautomatescript 지시어 값 업데이트)parseActivityReport.bat(parseActivityReport.ps1) 또는 parseActivityReport.sh가 매일 한 번 실행되도록 스케줄링합니다. 스크립트 실행 자동화를 참조하십시오.PowerShell 스크립트(parseActivityReport.ps1)
# Parse Activity Report script
$epmuser=$args[0]
$epmpassword=$args[1]
$epmurl=$args[2]
$reportemailtoaddress=$args[3]
$logdir="./logs"
$logfile="${logdir}/data_access.log"
$reportdir="./reports"
$reportfile="${reportdir}/dataAccessAuditReport.txt"
$matchfile="${reportdir}/matchfile.txt"
$nosrfile="${reportdir}/data_access_nosr.csv"
$srfile="${reportdir}/data_access_sr.csv"
$aprfilelist="${reportdir}/aprfilelist.txt"
$activityreportfilelist="${reportdir}/activityreportfiles.txt"
$activityreportregex='apr/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}_[0-9]{2}_[0-9]{2}/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}_[0-9]{2}_[0-9]{2}.html'
$global:activityreportfile=""
$NO_SQL_EXECUTED_STATEMENT="No SQL statements executed"
$SQL_WITH_SR_EXECUTED_STATEMENT="SQL statements executed with an SR"
$SQL_WITH_NO_SR_EXECUTED_STATEMENT="SQL statements executed without an SR"
function DownloadLatestActivityReport() {
epmautomate.bat login ${epmuser} ${epmpassword} ${epmurl} >> ${logfile}
epmautomate.bat listfiles > ${aprfilelist}
foreach ($line in Get-Content $aprfilelist) {
if ($line -match $activityreportregex){
echo "$line" >> $activityreportfilelist
}
}
$global:activityreportfile=Get-Content ${activityreportfilelist} -Tail 1
$global:activityreportfile=$global:activityreportfile.trim()
echo " "
echo "Processing activity report file: $global:activityreportfile" | tee -a ${logfile}
epmautomate.bat downloadfile "$global:activityreportfile" >> ${logfile}
epmautomate.bat logout >> ${logfile}
}
function deleteLine($file, $start, $end) {
$i = 0
$start--
$end--
(Get-Content $file) | where{
($i -lt $start -or $i -gt $end)
$i++
} > $file
#(Get-Content $file)
}
function GenerateCsvs()
{
$sqlregex='<DIV id="Database">.*?</DIV>'
$activityreportfilename=Split-Path $global:activityreportfile -leaf
echo "Creating CSV file: ${matchfile} from data in activityreportfile: ${activityreportfilename}" >> ${logfile}
# remove tab and newline characters
$activityreportexists=Test-Path "$activityreportfilename"
if ($activityreportexists) {
(Get-Content "$activityreportfilename") -join ' ' | Set-Content "$activityreportfilename"
(Get-Content "$activityreportfilename") -replace "`t", "" | Set-Content "$activityreportfilename"
}
# capture text matching regex
$string=Get-Content $activityreportfilename
$ans=$string -match $sqlregex
if ($ans -eq "True") {
$Matches.0 > $matchfile
# remove HTML tags, etc.
(Get-Content "$matchfile") -replace "<tr", "`n<tr" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "<tr[^>]*>", "" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "<th[^>]*>", "" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "<td[^>]*>", "|" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "<br>", "" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "</td>", "" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "</tr>", "" | Set-Content "$matchfile"
(Get-Content "$matchfile") -replace "\s*</table>\s*</DIV>", "" | Set-Content "$matchfile"
deleteLine $matchfile 1 2
# create SR, NOSR CSV files
Get-Content $matchfile | ForEach-Object {
$elements=$_.split('|')
$timeval=$elements[1].Trim()
$srval=$elements[3].Trim()
$sqlval=$elements[4].Trim()
if (${srval} -eq "") {
echo "${timeval}|${sqlval}" >> ${nosrfile}
} else {
if (${sqlval} -ne "") {
echo "${srval}|${timeval}|${sqlval}" >> ${srfile}
}
}
}
} else { # no SQL statements in activity report
echo "" >> ${reportfile}
echo $(date) >> ${reportfile}
echo "Processing activity report file: $global:activityreportfile" >> ${reportfile}
echo "${NO_SQL_EXECUTED_STATEMENT}" | tee -a ${reportfile}
CleanUp
EmailReportResults
exit
}
}
function ReportResults() {
echo $(date) >> ${reportfile}
echo "Processing activity report file: $global:activityreportfile" >> ${reportfile}
$srfileexists=Test-Path $srfile
if ($srfileexists) {
echo "" | tee -a ${reportfile}
echo "${SQL_WITH_SR_EXECUTED_STATEMENT}" | tee -a ${reportfile}
echo "SR# Time SQL Statement" | tee -a ${reportfile}
echo "--- ---- -------------" | tee -a ${reportfile}
# Loop through csv file and parse
Get-Content $srfile | ForEach-Object {
$elements=$_.split('|')
$srval=$elements[0]
$timeval=$elements[1]
$sqlval=$elements[2]
echo "${srval} ${timeval} ${sqlval}" | tee -a ${reportfile}
}
}
$nosrfileexists=Test-Path $nosrfile
if ($nosrfileexists) {
echo "" | tee -a ${reportfile}
echo "${SQL_WITH_NO_SR_EXECUTED_STATEMENT}" | tee -a ${reportfile}
echo "Time SQL Statement" | tee -a ${reportfile}
echo "---- -------------" | tee -a ${reportfile}
# Loop through csv file and parse
Get-Content $nosrfile | ForEach-Object {
$elements=$_.split('|')
$timeval=$elements[0]
$sqlval=$elements[1]
echo "${timeval} ${sqlval}" | tee -a ${reportfile}
}
}
EmailReportResults
}
function EmailReportResults
{
$elements=$reportfile.split('/')
$reportfilename=$elements[2]
if (${reportemailtoaddress} -match "@") {
echo "Emailing Activity Report Results" | tee -a ${logfile}
epmautomate.bat login ${epmuser} ${epmpassword} ${epmurl} >> ${logfile}
epmautomate.bat uploadFile $reportfile >> ${logfile}
epmautomate.bat sendMail $reportemailtoaddress "Database Access Audit Report Results" Body="Database Access Audit Report Results are attached." Attachments=$reportfilename >> ${logfile}
epmautomate.bat deleteFile $reportfilename >> ${logfile}
epmautomate.bat logout >> ${logfile}
}
}
function Init
{
$logdirexists=Test-Path $logdir
if (!($logdirexists)) {
mkdir $logdir 2>&1 | out-null
}
$reportdirexists=Test-Path $reportdir
if (!($reportdirexists)) {
mkdir $reportdir 2>&1 | out-null
}
$logfileexists=Test-Path $logfile
if ($logfileexists) {
rm $logfile 2>&1 | out-null
}
$matchfileexists=Test-Path $matchfile
if ($matchfileexists) {
rm $matchfile 2>&1 | out-null
}
$nosrfileexists=Test-Path $nosrfile
if ($nosrfileexists) {
rm $nosrfile 2>&1 | out-null
}
$srfileexists=Test-Path $srfile
if ($srfileexists) {
rm $srfile 2>&1 | out-null
}
$aprfilelistexists=Test-Path $aprfilelist
if ($aprfilelistexists) {
rm $aprfilelist 2>&1 | out-null
}
$activityreportfilelistexists=Test-Path $activityreportfilelist
if ($activityreportfilelistexists) {
rm $activityreportfilelist 2>&1 | out-null
}
}
function CleanUp
{
$matchfileexists=Test-Path $matchfile
if ($matchfileexists) {
rm $matchfile 2>&1 | out-null
}
$aprfilelistexists=Test-Path $aprfilelist
if ($aprfilelistexists) {
rm $aprfilelist 2>&1 | out-null
}
$activityreportfilelistexists=Test-Path $activityreportfilelist
if ($activityreportfilelistexists) {
rm $activityreportfilelist 2>&1 | out-null
}
}
Init
DownloadLatestActivityReport
GenerateCsvs
ReportResults
CleanUpBash 쉘 스크립트(parseActivityReport.sh)
#!/bin/sh
export JAVA_HOME=/scratch/dteHome/autoWork/jdk1.8.0_191
epmautomatescript=/scratch/dteHome/autoWork/epmautomate/19.11.55/bin/epmautomate.sh
epmuser="<EPM USER>"
epmpwd="<EPM PASSWORD>"
epmurl="<EPM URL>"
reportemailtoaddress="<EMAIL ADDRESS>"
logdir=./logs
logfile="${logdir}/data_access.log"
reportdir=./reports
reportfile="${reportdir}/dataAccessAuditReport.txt"
nosrfile="${reportdir}/data_access_nosr.csv"
srfile="${reportdir}/data_access_sr.csv"
matchfile="${reportdir}/match.out"
aprfilelist="${reportdir}/aprfilelist.txt"
activityreportfile=""
activityreportregex='apr/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}_[0-9]{2}_[0-9]{2}/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}_[0-9]{2}_[0-9]{2}.html'
NO_SQL_EXECUTED_STATEMENT="No SQL statements executed".
SQL_WITH_SR_EXECUTED_STATEMENT="SQL statements executed with an SR"
SQL_WITH_NO_SR_EXECUTED_STATEMENT="SQL statements executed without an SR"
cd "$(dirname "$0")"
generateCsvs()
{
local sqlregex='<DIV id="Database">.*?</DIV>'
local activityreportfilename=$(echo "${activityreportfile}" | rev | cut -d'/' -f1 | rev)
echo "Creating CSV file: ${matchfile} from data in activityreportfile: ${activityreportfilename}" >> ${logfile}
# remove tab and newline characters
cat "${activityreportfilename}" | tr -d "\t\n\r" > ${matchfile}
# capture text matching regex
grep -Po "${sqlregex}" ${matchfile} > ${matchfile}.tmp
# remove HTML tags, etc.
sed -e 's/<tr/\n<tr/g' -e 's/<tr[^>]*>//g' -e 's/<th[^>]*>//g' -e 's/<td[^>]*>/|/g' -e 's/<br>//g' -e 's|</td>||g' -e 's|</tr>||g' -e 's|[ ]*</table></DIV>||g' -e 's/|[ ]*/|/g' -e 's/[ ]*|/|/g' -e 's/<DIV id="Database">.*<!-- Print Tables -->\n//g' ${matchfile}.tmp > ${matchfile}
# create SR, NOSR CSV files
while read line
do
timeval=$(echo "${line}" | cut -d'|' -f2)
srval=$(echo "${line}" | cut -d'|' -f4)
sqlval=$(echo "${line}" | cut -d'|' -f5)
if [[ "${srval}" == "" ]]
then
echo "${timeval}|${sqlval}" >> ${nosrfile}
else
if [[ "${sqlval}" != "" ]]
then
echo "${srval}|${timeval}|${sqlval}" >> ${srfile}
fi
fi
done < ${matchfile}
}
reportResults() {
echo $(date) >> ${reportfile}
echo "Processing activity report file: $activityreportfile" >> ${reportfile}
if [[ -f ${srfile} ]]
then
echo "" | tee -a ${reportfile}
echo "${SQL_WITH_SR_EXECUTED_STATEMENT}" | tee -a ${reportfile}
echo "SR# Time SQL Statement" | tee -a ${reportfile}
echo "--- ---- -------------" | tee -a ${reportfile}
while read line
do
srval=$(echo "${line}" | cut -d'|' -f1)
timeval=$(echo "${line}" | cut -d'|' -f2)
sqlval=$(echo "${line}" | cut -d'|' -f3)
echo "${srval} ${timeval} ${sqlval}" | tee -a ${reportfile}
done < ${srfile}
fi
if [[ -f ${nosrfile} ]]
then
echo "" | tee -a ${reportfile}
echo "${SQL_WITH_NO_SR_EXECUTED_STATEMENT}" | tee -a ${reportfile}
echo "Time SQL Statement" | tee -a ${reportfile}
echo "---- --- ---------" | tee -a ${reportfile}
while read line
do
timeval=$(echo "${line}" | cut -d'|' -f1)
sqlval=$(echo "${line}" | cut -d'|' -f2)
echo "${timeval} ${sqlval}" | tee -a ${reportfile}
done < ${nosrfile}
fi
if [[ ! -f ${srfile} ]] && [[ ! -f ${nosrfile} ]]
then
echo "" | tee -a ${reportfile}
echo "${NO_SQL_EXECUTED_STATEMENT}" | tee -a ${reportfile}
fi
emailReportResults
}
downloadLatestActivityReport() {
${epmautomatescript} login ${epmuser} ${epmpwd} ${epmurl} >> ${logfile}
${epmautomatescript} listfiles > ${aprfilelist}
activityreportfile=$(cat ${aprfilelist} | grep -P "${activityreportregex}" | tail -n 1 | sed -e 's/^ //')
echo " "
echo "Processing activity report file: ${activityreportfile}" | tee -a ${logfile}
${epmautomatescript} downloadfile "${activityreportfile}" >> ${logfile}
${epmautomatescript} logout >> ${logfile}
}
emailReportResults() {
reportfilename=$(echo "${reportfile}" | cut -d'/' -f3)
if [[ "${reportemailtoaddress}" == *"@"* ]]
then
echo "Emailing Activity Report Results" | tee -a ${logfile}
${epmautomatescript} login ${epmuser} ${epmpwd} ${epmurl} >> ${logfile}
${epmautomatescript} uploadFile "$reportfile" >> ${logfile}
${epmautomatescript} sendMail $reportemailtoaddress "Database Access Audit Report Results" Body="Database Access Audit Report Results are attached." Attachments=$reportfilename >> ${logfile}
${epmautomatescript} deleteFile "$reportfilename" >> ${logfile}
${epmautomatescript} logout >> ${logfile}
fi
}
checkParams()
{
if [ -z "$epmuser" ]
then
echo "Username is missing."
echo "Syntax: parseActivityReport.sh USERNAME PASSWORD URL"
exit 2
fi
if [ -z "$epmpwd" ]
then
echo "Password is missing."
echo "Syntax: parseActivityReport.sh USERNAME PASSWORD URL"
exit 2
fi
if [ -z "$epmurl" ]
then
echo "URL is missing."
echo "Syntax: parseActivityReport.sh USERNAME PASSWORD URL"
exit 2
fi
}
init()
{
checkParams
if [ ! -d "${logdir}" ]
then
mkdir ${logdir}
fi
if [ ! -d "${reportdir}" ]
then
mkdir ${reportdir}
fi
if [ ! -f "${epmautomatescript}" ]
then
echo "Cannot locate EPMAutomate script: ${epmautomatescript}. Please check setting and run script again. Exiting." | tee -a ${logfile}
exit
fi
if [ -f "${srfile}" ]
then
rm ${srfile}
fi
if [ -f "${nosrfile}" ]
then
rm ${nosrfile}
fi
if [ -f "${matchfile}" ]
then
rm ${matchfile}
fi
if [ -f "${aprfilelist}" ]
then
rm ${aprfilelist}
fi
}
cleanup()
{
if [ -f "${matchfile}" ]
then
rm ${matchfile}
fi
if [ -f "${matchfile}.tmp" ]
then
rm ${matchfile}.tmp
fi
if [ -f "${aprfilelist}" ]
then
rm ${aprfilelist}
fi
}
init
downloadLatestActivityReport
generateCsvs
reportResults
cleanup