使用本节中的脚本可自动遮蔽活动报表或访问日志中的信息以确保符合隐私法,并通过电子邮件将报表发送至收件人(可选)。
由于某些国家/地区的隐私法较严格,活动报表和访问日志中可用的信息可能必须对服务管理员隐藏以保护用户的隐私。
可以使用 anonymizeData.bat
遮蔽活动报表或访问日志中的信息以确保符合隐私法,并通过电子邮件发送报表(可选)。要遮蔽信息,请使用 Windows 计划程序调度此脚本或其变体,让它每日在每个环境的日常维护流程完成后很快运行。
使用以下信息源:
通过复制以下过程中提供的 Windows 脚本并使用 Windows 计划程序调度该脚本来手动创建 anonymizeData.bat
。如果不想使用 Windows 进行调度,也可以创建和运行适合平台的类似脚本。
anonymizeData.bat
是一种包装器脚本,可以执行 anonymizeData.ps1
脚本,您可以按照以下过程中的说明创建并更新该脚本。
如果密码中包含特殊字符,请参阅“处理特殊字符”。
创建名为 anonymizeData.bat 的批处理 (BAT) 文件,在其中包含以下脚本,并将它保存到一个方便的位置,例如 C:\automate_scripts。
@echo off
rem Wrapper around anonymizeData.ps1. Checks that USERNAME, PASSWORD or
rem PASSWORD_FILE, and URL were supplied, then hands the whole argument list
rem to the PowerShell script unchanged. EMAIL_TO_ADDRESS is optional.
rem
rem Security note: a clear-text password given as the second argument is kept
rem in the scheduled task definition and appears on the process command line.
rem Prefer the PASSWORD_FILE form that the syntax line below advertises.
rem
rem The script path is relative, so the task has to start in the folder that
rem holds anonymizeData.ps1.
set paramRequiredMessage=Syntax: anonymizeData.bat USERNAME PASSWORD/PASSWORD_FILE URL [EMAIL_TO_ADDRESS]

rem Guard clauses: the first missing required argument decides the message.
if "%~1" == "" goto missingUser
if "%~2" == "" goto missingPassword
if "%~3" == "" goto missingUrl

rem All required arguments are present. The exit code of PowerShell.exe is
rem left in place as the exit code of this wrapper.
PowerShell.exe -File anonymizeData.ps1 %*
goto :eof

:missingUser
echo User Name is missing.
goto showSyntax

:missingPassword
echo Password or Password_File is missing.
goto showSyntax

:missingUrl
echo URL is missing.
goto showSyntax

:showSyntax
echo %paramRequiredMessage%
exit /b 1
创建名为 anonymizeData.ps1 的 PowerShell 脚本 (PS1) 文件,在其中包含以下脚本,并将它保存到一个方便的位置,例如 C:\automate_scripts。
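# Anonymize data script
#
# Downloads each access log and activity report listed by EPM Automate,
# replaces the user IDs in them with XXXXX, uploads the rewritten files, and
# optionally e-mails the run log.
#
# Arguments: USERNAME PASSWORD/PASSWORD_FILE URL [EMAIL_TO_ADDRESS]
#
# The run log is uploaded and e-mailed by callSendMail, so nothing that the
# script is meant to hide (user IDs) and no credential may be written to it.

$username=$args[0]
$password=$args[1]
$url=$args[2]
$emailtoaddress=$args[3]

# Generic variables
$date=$(get-date -f dd_MM_yy_HH_mm_ss)
$datedefaultformat=$(get-date)
$logdir="./logs/"
$logfile="$logdir/anonymize-data-" + $date + ".log"
$filelist="filelist.txt"

# Appends one message to the run log only.
function LogMessage
{
    $message=$args[0]
    echo "$message" >> $logfile
}

# Writes one message to the console and appends it to the run log.
function EchoAndLogMessage
{
    $message=$args[0]
    echo "$message"
    echo "$message" >> $logfile
}

# Creates the log directory if needed and removes a stale log file and a
# stale file list from an earlier run.
function Init
{
    $logdirexists=Test-Path $logdir
    if (!($logdirexists)) {
        mkdir $logdir 2>&1 | out-null
    }

    $logfileexists=Test-Path $logfile
    if ($logfileexists) {
        rm $logfile 2>&1 | out-null
    }

    $filelistexists=Test-Path $filelist
    if ($filelistexists) {
        rm $filelist 2>&1 | out-null
    }
}

# Runs one epmautomate.bat operation and records it in the run log.
# For listfiles, the access_log.zip entries are also saved to $filelist.
function ProcessCommand
{
    $op=$args

    # Text copy of the operation for the log and the console. The password
    # argument of login is masked: the log is uploaded and e-mailed later, and
    # writing the credential into it would disclose it to every recipient.
    $oplogged=$op.Clone()
    if (($oplogged.Count -gt 2) -and ($oplogged[0] -eq 'login')) {
        $oplogged[2]='********'
    }

    echo "EPM Automate operation: epmautomate.bat $oplogged" >> $logfile

    # Compare the operation name only, so that an argument which happens to
    # equal 'listfiles' cannot select this branch.
    if ($op[0] -eq 'listfiles') {
        epmautomate.bat $op | where {$_ -like ' apr/*/access_log.zip'} | Tee-Object -FilePath $filelist | Out-File $logfile -Append 2>&1
    } else {
        epmautomate.bat $op >> $logfile 2>&1
        if ($LASTEXITCODE -ne 0) {
            echo "EPM Automate operation failed: epmautomate.bat $oplogged. See $logfile for details."
            # NOTE(review): the exit below is disabled, so the script carries
            # on after a failed operation, including a failed login.
            #exit
        }
    }
}

# Logs in, lists the files, processes each listed directory, and logs out.
function RunEpmAutomateCommands
{
    EchoAndLogMessage "Running EPM Automate commands to anonymize data in the access logs and activity reports."
    ProcessCommand login $username $password $url
    ProcessCommand listfiles
    ProcessFiles
    ProcessCommand logout
}

# Replaces every occurrence of one user ID in an activity report with XXXXX
# and rewrites the file with LF line endings.
#   $args[0] - path of the activity report
#   $args[1] - user ID to remove
function ProcessActivityReport
{
    $activityreport=$args[0]
    $user=$args[1]
    $activityreportexists=Test-Path "$activityreport"
    if ($activityreportexists) {
        # The user ID itself is deliberately not logged: the log leaves this
        # machine through callSendMail.
        LogMessage "Removing a User ID from activity report $activityreport"
        (Get-Content "$activityreport").replace("$user", 'XXXXX') | Set-Content "$activityreport"
        # NOTE(review): [io.file] resolves a relative path against the process
        # working directory; confirm it matches the PowerShell location.
        $txt = [io.file]::ReadAllText("$activityreport") -replace "`r`n","`n"
        [io.file]::WriteAllText("$activityreport", $txt)
        #Get-ChildItem -File -Recurse | % { $x = get-content -raw -path $activityreport; $x -replace "`r`n","`n" | set-content -path $activityreport }
    }
}

# Rewrites the access log of one date-stamp directory with the user column
# masked, re-zips it, then masks the same user IDs in the activity report.
#   $args[0] - apr directory
#   $args[1] - date-stamp directory below it
function AnonymizeData
{
    $aprdir=$args[0]
    $datestampdir=$args[1]
    $path="$aprdir/$datestampdir"
    $accesslogzipped="access_log.zip"
    $accesslog="access_log.csv"
    $accesslogupdated=$accesslog + ".tmp"
    $activityreportfile="$datestampdir" + ".html"
    $userArray = @()

    expand-Archive -Path "$path/$accesslogzipped" -DestinationPath $path
    rm $path/$accesslogzipped 2>&1 | out-null

    $accesslogexists=Test-Path "$path/$accesslog"
    if ($accesslogexists) {
        EchoAndLogMessage "Processing access log: $path/$accesslog"
        Get-Content $path/$accesslog | ForEach-Object {
            # Split on commas that are outside double-quoted fields.
            $elements=[regex]::Split( $_ , ',(?=(?:[^"]|"[^"]*")*$)' )
            $date=$elements[0]
            $time=$elements[1]
            $uri=$elements[2]
            $duration=$elements[3]
            $bytes=$elements[4]
            $ip=$elements[5]
            $user=$elements[6]
            $screen=$elements[7]
            $action=$elements[8]
            $object=$elements[9]

            if ($date -like 'Date') {
                # Header row is copied through unchanged.
                echo "$_" >> $path/$accesslogupdated
            } else {
                if ($user -notlike '-') {
                    # The user ID itself is deliberately not logged: the log
                    # leaves this machine through callSendMail.
                    LogMessage "Removing instance of a User ID from $path/$accesslog."
                    echo "$date,$time,$uri,$duration,$bytes,$ip,XXXXX,$screen,$action,$object" >> $path/$accesslogupdated
                    # Remembered so the same ID can be masked in the report.
                    $userArray += $user
                } else {
                    echo "$date,$time,$uri,$duration,$bytes,$ip,$user,$screen,$action,$object" >> $path/$accesslogupdated
                }
            }
        }

        #Get-ChildItem -File -Recurse | % { $x = get-content -raw -path $path/$accesslogupdated; $x -replace "`r`n","`n" | set-content -path $path/$accesslogupdated }
        $txt = [io.file]::ReadAllText("$path/$accesslogupdated") -replace "`r`n","`n"
        [io.file]::WriteAllText("$path/$accesslogupdated", $txt)
        mv -Force $path/$accesslogupdated $path/$accesslog
        Compress-Archive -Path $path/$accesslog $path/$accesslogzipped
        rm $path/$accesslog 2>&1 | out-null
    }

    EchoAndLogMessage "Processing activity report: $path/$activityreportfile"
    $userArray = $userArray | Select-Object -Unique
    foreach ($element in $userArray) {
        ProcessActivityReport "$path/$activityreportfile" "$element"
    }
}

# Walks the file list written by listfiles. A directory that does not exist
# locally yet is downloaded, anonymized, and its two files are replaced in
# the environment; a directory that already exists locally is skipped.
function ProcessFiles
{
    # Loop through iteration csv file and parse
    Get-Content $filelist | ForEach-Object {
        $fullpath=$_.trim()
        $elements=$fullpath.split('/')
        $aprdir=$elements[0]
        $datestampdir=$elements[1]
        $accesslogfile="access_log.zip"
        $activityreportfile="$datestampdir" + ".html"
        $datestampdirexists=Test-Path "$aprdir/$datestampdir"
        $accesslog="$aprdir/$datestampdir/$accesslogfile"
        $activityreport="$aprdir/$datestampdir/$activityreportfile"

        echo "fullpath: $fullpath" >> $logfile
        echo "aprdir: $aprdir, datestampdir: $datestampdir" >> $logfile

        if (!($datestampdirexists)) {
            mkdir "$aprdir/$datestampdir" -ea 0 2>&1 | out-null
            ProcessCommand downloadfile "$accesslog"
            ProcessCommand downloadfile "$activityreport"
            mv "$accesslogfile" "$aprdir/$datestampdir"
            mv "$activityreportfile" "$aprdir/$datestampdir"
            AnonymizeData "$aprdir" "$datestampdir"
            # NOTE(review): nothing checks that the download and the rewrite
            # succeeded before the originals are deleted from the environment.
            ProcessCommand deletefile "$accesslog"
            ProcessCommand deletefile "$activityreport"
            ProcessCommand uploadfile "$accesslog" "$aprdir/$datestampdir"
            ProcessCommand uploadfile "$activityreport" "$aprdir/$datestampdir"
        } else {
            EchoAndLogMessage "Files in directory $aprdir/$datestampdir were processed earlier. Skipping these files."
        }
    }
}

# Uploads the run log and e-mails it as an attachment when an address
# containing "@" was given, then removes the uploaded copy.
function callSendMail
{
    # File name without the directory part; the attachment and the delete
    # refer to the uploaded copy by this name.
    $logfilename=Split-Path -Leaf $logfile

    if (${emailtoaddress} -match "@") {
        epmautomate.bat login ${username} ${password} ${url}
        epmautomate.bat uploadFile "$logfile"
        epmautomate.bat sendMail $emailtoaddress "Mask Access Logs and Activity Reports results" Body="The results of running the Mask Access Logs and Activity Reports script are attached." Attachments=$logfilename
        epmautomate.bat deleteFile "$logfilename"
        epmautomate.bat logout
    }
}

Init
EchoAndLogMessage "Starting the anonymize data script"
RunEpmAutomateCommands
EchoAndLogMessage "Anonymize data script completed"
EchoAndLogMessage "Refer to logfile: $logfile for details."
callSendMail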
使用 Windows 计划程序调度 anonymizeData.bat。有关详细步骤,请参阅“自动执行脚本”。
anonymizeData.bat