使用本節中的指令碼,來自動執行遮罩「活動報表」或「存取日誌」中資訊的程序,以遵守隱私法以及 (選擇性) 透過電子郵件將報表傳送給收件者。
因為某些國家有嚴格的隱私法,活動報表和存取日誌中的資訊可能必須避免服務管理員看見,以保護使用者的隱私。
您可以使用 anonymizeData.bat 來遮罩活動報表或存取日誌中的資訊,以遵守隱私法以及選擇性透過電子郵件傳送。若要遮罩資訊,請使用 Windows 排程器來排定此指令碼或其變化版本,每天在每個環境的每日維護程序完成之後立即執行。
請使用下列資訊來源:
您需要複製下列程序中提供的 Windows 指令碼來手動建立 anonymizeData.bat,並使用 Windows 排程器來排定它。如果不是使用 Windows 來排定,您可以建立和執行類似的平台適用指令碼。
anonymizeData.bat 是包裝函式指令碼,將會執行您依下列程序所述來建立和更新的 anonymizeData.ps1 指令碼。
如果密碼包含特殊字元,請參閱「處理特殊字元」。
建立名為 anonymizeData.bat 的批次 (BAT) 檔案,使其包含下列指令碼,並將其儲存在方便的位置,例如 C:\automate_scripts。
@echo off
rem Wrapper for anonymizeData.ps1: verifies that the three required arguments
rem are present, then forwards every argument unchanged to PowerShell.
rem
rem NOTE(review): the second argument may be a plain-text password. A value
rem passed this way is stored in the scheduled task definition and is visible
rem on the process command line, so the PASSWORD_FILE form named in the syntax
rem line below is the safer choice for a scheduled job.
set "paramRequiredMessage=Syntax: anonymizeData.bat USERNAME PASSWORD/PASSWORD_FILE URL [EMAIL_TO_ADDRESS]"

rem Argument 1: user name.
if "%~1"=="" (
    echo User Name is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

rem Argument 2: password, or a password file.
if "%~2"=="" (
    echo Password or Password_File is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

rem Argument 3: URL of the environment.
if "%~3"=="" (
    echo URL is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

rem The .ps1 is referenced by a relative path, so the working directory of the
rem scheduled task has to be the folder that holds both scripts.
PowerShell.exe -File anonymizeData.ps1 %*
建立名為 anonymizeData.ps1 的 PowerShell 指令碼 (PS1) 檔案,使其包含下列指令碼,並將其儲存在方便的位置,例如 C:\automate_scripts。
# Anonymize data script
#
# Positional arguments, as forwarded by anonymizeData.bat:
#   0 = user name, 1 = password or password file, 2 = URL,
#   3 = optional e-mail address that receives the run log.
# NOTE(review): $password may hold a plain-text secret; confirm that nothing
# downstream writes it to $logfile, which callSendMail uploads and e-mails.
$username       = $args[0]
$password       = $args[1]
$url            = $args[2]
$emailtoaddress = $args[3]

# Generic variables
$date              = Get-Date -Format dd_MM_yy_HH_mm_ss
$datedefaultformat = Get-Date
$logdir            = "./logs/"
# $logdir already ends in '/', so this path contains '//'. callSendMail relies
# on that: it takes the fourth '/'-separated segment as the log file name.
$logfile           = "$logdir/anonymize-data-${date}.log"
# Receives the access-log paths reported by the listfiles operation.
$filelist          = "filelist.txt"
function LogMessage
{
    # Appends the first argument, as one line of text, to the run log ($logfile).
    # Nothing is written to the console.
    $text = $args[0]
    Write-Output "$text" >> $logfile
}
function EchoAndLogMessage
{
    # Emits the first argument on the output stream and appends the same text
    # to the run log ($logfile).
    $text = $args[0]
    Write-Output "$text"
    Write-Output "$text" >> $logfile
}
function Init
{
    # Prepares a clean run: creates the log directory when it is missing and
    # removes a log file or file list left behind under the same name.
    if (-not (Test-Path $logdir)) {
        mkdir $logdir 2>&1 | Out-Null
    }

    # Same existence check and removal for both files, log file first.
    foreach ($leftover in @($logfile, $filelist)) {
        if (Test-Path $leftover) {
            Remove-Item $leftover 2>&1 | Out-Null
        }
    }
}
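function ProcessCommand
{
    # Runs one EPM Automate operation and records it in the run log.
    #
    # Arguments: the operation name followed by its parameters, passed on to
    # epmautomate.bat exactly as received.
    # Output: 'listfiles' writes the matching access-log paths to $filelist and
    # to the log; every other operation appends its output to the log and
    # prints a message when epmautomate.bat returns a non-zero exit code.
    $op = $args

    # The login operation arrives as: login USERNAME PASSWORD URL. Mask the
    # password position in every message this function writes, because the log
    # file is later uploaded and e-mailed by callSendMail. epmautomate.bat
    # itself still receives the unmodified $op.
    $shown = @() + $op
    if ($shown.Count -gt 2 -and $shown[0] -eq 'login') {
        $shown[2] = '********'
    }

    echo "EPM Automate operation: epmautomate.bat $shown" >> $logfile
    if ($op -eq 'listfiles') {
        # Keep only the access-log archives; the pattern starts with a space
        # because it is matched against the raw listing lines.
        epmautomate.bat $op | where {$_ -like ' apr/*/access_log.zip'} | Tee-Object -FilePath $filelist | Out-File $logfile -Append 2>&1
    } else {
        epmautomate.bat $op >> $logfile 2>&1
        if ($LASTEXITCODE -ne 0) {
            echo "EPM Automate operation failed: epmautomate.bat $shown. See $logfile for details."
            # The script does not stop here (exit is disabled), so the caller
            # carries on with its next step after a failed operation.
            #exit
        }
    }
}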
function RunEpmAutomateCommands
{
# Drives one complete run: sign in, list the access logs, process every listed
# file pair, sign out.
# ProcessCommand does not abort on a failed operation, so the steps after
# login still run when the sign-in itself fails.
EchoAndLogMessage "Running EPM Automate commands to anonymize data in the access logs and activity reports."
# $password is passed here as a plain argument to ProcessCommand.
ProcessCommand login $username $password $url
# Fills $filelist with the access-log paths that ProcessFiles reads.
ProcessCommand listfiles
ProcessFiles
ProcessCommand logout
}
function ProcessActivityReport
{
    # Masks one user ID in one activity report.
    #
    # Arguments: 0 = path of the activity report (HTML), 1 = user ID to mask.
    # Does nothing when the report file does not exist.
    $reportpath = $args[0]
    $userid = $args[1]

    if (-not (Test-Path "$reportpath")) {
        return
    }

    # NOTE(review): the unmasked user ID is written to the run log here, and
    # callSendMail uploads and e-mails that log when a recipient is supplied.
    LogMessage "Removing User ID: $userid from activity report $reportpath"

    # Literal string replacement on every line: each occurrence of the ID is
    # replaced, including occurrences inside longer strings, and the match is
    # case-sensitive.
    (Get-Content "$reportpath").replace("$userid", 'XXXXX') | Set-Content "$reportpath"

    # Rewrite the file with LF line endings instead of CRLF.
    $normalized = [io.file]::ReadAllText("$reportpath") -replace "`r`n","`n"
    [io.file]::WriteAllText("$reportpath", $normalized)
}
function AnonymizeData
{
# Masks user IDs in one downloaded access log and its activity report.
#
# Arguments: 0 = top-level directory of the file pair, 1 = date-stamp
# directory below it. Both files are expected under "$aprdir/$datestampdir".
#
# Steps: expand access_log.zip, rewrite access_log.csv with the seventh column
# set to XXXXX on every data row whose value is not '-', zip the result again,
# then mask each collected user ID in <datestampdir>.html.
$aprdir=$args[0]
$datestampdir=$args[1]
$path="$aprdir/$datestampdir"
$accesslogzipped="access_log.zip"
$accesslog="access_log.csv"
$accesslogupdated=$accesslog + ".tmp"
$activityreportfile="$datestampdir" + ".html"
# User IDs found in the access log; reused below for the activity report.
$userArray = @()
expand-Archive -Path "$path/$accesslogzipped" -DestinationPath $path
# The archive is removed without checking whether the expansion succeeded.
rm $path/$accesslogzipped 2>&1 | out-null
$accesslogexists=Test-Path "$path/$accesslog"
if ($accesslogexists) {
EchoAndLogMessage "Processing access log: $path/$accesslog"
Get-Content $path/$accesslog | ForEach-Object {
# Split on commas that are outside double-quoted fields: the lookahead only
# accepts a comma when the rest of the line has balanced quotes.
$elements=[regex]::Split( $_ , ',(?=(?:[^"]|"[^"]*")*$)' )
$date=$elements[0]
$time=$elements[1]
$uri=$elements[2]
$duration=$elements[3]
$bytes=$elements[4]
$ip=$elements[5]
$user=$elements[6]
$screen=$elements[7]
$action=$elements[8]
$object=$elements[9]
# Header row (first field is 'Date') is copied unchanged.
if ($date -like 'Date') {
echo "$_" >> $path/$accesslogupdated
} else {
# '-' in the user column is treated as "no user" and the row is kept as is.
if ($user -notlike '-') {
# NOTE(review): the unmasked user ID is written to the run log, which
# callSendMail uploads and e-mails when a recipient is supplied.
LogMessage "Removing instance of User ID: $user from $path/$accesslog."
# Only these ten fields are written back; any further columns on the line
# are dropped. The IP address is written back unchanged.
# NOTE(review): confirm that keeping the IP column meets the applicable
# privacy requirement.
echo "$date,$time,$uri,$duration,$bytes,$ip,XXXXX,$screen,$action,$object" >> $path/$accesslogupdated
$userArray += $user
} else {
echo "$date,$time,$uri,$duration,$bytes,$ip,$user,$screen,$action,$object" >> $path/$accesslogupdated
}
}
}
#Get-ChildItem -File -Recurse | % { $x = get-content -raw -path $path/$accesslogupdated; $x -replace "`r`n","`n" | set-content -path $path/$accesslogupdated }
# Rewrite the temporary file with LF line endings instead of CRLF.
$txt = [io.file]::ReadAllText("$path/$accesslogupdated") -replace "`r`n","`n"
[io.file]::WriteAllText("$path/$accesslogupdated", $txt)
# Replace the original CSV with the masked copy, zip it, and remove the CSV so
# that only the archive remains on disk.
mv -Force $path/$accesslogupdated $path/$accesslog
Compress-Archive -Path $path/$accesslog $path/$accesslogzipped
rm $path/$accesslog 2>&1 | out-null
}
EchoAndLogMessage "Processing activity report: $path/$activityreportfile"
# Mask each distinct user ID once in the activity report.
$userArray = $userArray | Select-Object -Unique
foreach ($element in $userArray) {
ProcessActivityReport "$path/$activityreportfile" "$element"
}
}
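function ProcessFiles
{
    # Downloads, anonymizes and re-uploads every access log / activity report
    # pair listed in $filelist (one "dir/datestamp/access_log.zip" path per
    # line, as written by the listfiles operation).
    #
    # A pair is skipped when the local directory "$aprdir/$datestampdir"
    # already exists; that directory is the only record of earlier processing.
    #
    # NOTE(review): the directory names come from the listing returned by the
    # environment and are used to build local paths; confirm that they cannot
    # contain path segments such as '..'.
    Get-Content $filelist | ForEach-Object {
        $fullpath = $_.trim()
        $elements = $fullpath.split('/')
        $aprdir = $elements[0]
        $datestampdir = $elements[1]
        $accesslogfile = "access_log.zip"
        $activityreportfile = "$datestampdir" + ".html"
        $datestampdirexists = Test-Path "$aprdir/$datestampdir"
        $accesslog = "$aprdir/$datestampdir/$accesslogfile"
        $activityreport = "$aprdir/$datestampdir/$activityreportfile"
        echo "fullpath: $fullpath" >> $logfile
        echo "aprdir: $aprdir, datestampdir: $datestampdir" >> $logfile
        if (!($datestampdirexists)) {
            mkdir "$aprdir/$datestampdir" -ea 0 2>&1 | out-null
            ProcessCommand downloadfile "$accesslog"
            ProcessCommand downloadfile "$activityreport"
            # The files are moved from the current directory into the local
            # copy of the directory structure.
            mv "$accesslogfile" "$aprdir/$datestampdir"
            mv "$activityreportfile" "$aprdir/$datestampdir"
            AnonymizeData "$aprdir" "$datestampdir"

            # ProcessCommand does not stop on failure, so a failed download or
            # a failed archive step would otherwise be followed by deleting the
            # file in the environment with nothing to upload in its place.
            # Replace a file only when its local copy exists. The same string
            # names the file in the environment and the local copy.
            foreach ($filepath in @($accesslog, $activityreport)) {
                if (Test-Path "$filepath") {
                    ProcessCommand deletefile "$filepath"
                    ProcessCommand uploadfile "$filepath" "$aprdir/$datestampdir"
                } else {
                    # The local directory now exists, so a later run reports
                    # this pair as processed earlier; this message is the only
                    # trace that the file was left unmasked.
                    EchoAndLogMessage "Local copy of $filepath was not found. The file in the environment was not replaced."
                }
            }
        } else {
            EchoAndLogMessage "Files in directory $aprdir/$datestampdir were processed earlier. Skipping these files."
        }
    }
}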
function callSendMail
{
    # E-mails the run log to $emailtoaddress. Does nothing unless that value
    # contains '@'.
    #
    # The log is uploaded to the environment, attached to the message, and
    # then deleted from the environment again.
    # NOTE(review): the attached log holds everything the run wrote to it,
    # including the "Removing ... User ID" lines with the unmasked IDs.
    if (${emailtoaddress} -notmatch "@") {
        return
    }

    # $logfile is "./logs//anonymize-data-<date>.log"; the doubled '/' yields
    # an empty third segment, so the file name is the fourth one.
    $logfilename = $logfile.split('/')[3]

    # This sign-in bypasses ProcessCommand, so its output is not appended to
    # the log file.
    epmautomate.bat login ${username} ${password} ${url}
    epmautomate.bat uploadFile "$logfile"
    epmautomate.bat sendMail $emailtoaddress "Mask Access Logs and Activity Reports results" Body="The results of running the Mask Access Logs and Activity Reports script are attached." Attachments=$logfilename
    epmautomate.bat deleteFile "$logfilename"
    epmautomate.bat logout
}
# Entry point: reset the log and file list, run the anonymization, then send
# the log by e-mail when a recipient address was supplied.
Init
EchoAndLogMessage "Starting the anonymize data script"
RunEpmAutomateCommands
# These messages are written whether or not the individual operations
# succeeded; the log file holds the per-operation output.
EchoAndLogMessage "Anonymize data script completed"
EchoAndLogMessage "Refer to logfile: $logfile for details."
callSendMail
使用 Windows 排程器來排定 anonymizeData.bat。如需瞭解詳細步驟,請參閱「自動執行指令碼」。
anonymizeData.bat