使用本節中的指令碼,來自動執行遮罩「活動報表」或「存取日誌」中資訊的程序,以遵守隱私法以及 (選擇性) 透過電子郵件將報表傳送給收件者。
因為某些國家有嚴格的隱私法,活動報表和存取日誌中的資訊可能必須避免服務管理員看見,以保護使用者的隱私。
您可以使用 anonymizeData.bat
來遮罩活動報表或存取日誌中的資訊,以遵守隱私法以及選擇性透過電子郵件傳送。若要遮罩資訊,請使用 Windows 排程器來排定此指令碼或其變化版本,每天在每個環境的每日維護程序完成之後立即執行。
請使用下列資訊來源:
您需要複製下列程序中提供的 Windows 指令碼來手動建立 anonymizeData.bat
,並使用 Windows 排程器來排定它。如果不是使用 Windows 來排定,您可以建立和執行類似的平台適用指令碼。
anonymizeData.bat
是包裝函式指令碼,將會執行您依下列程序所述來建立和更新的 anonymizeData.ps1
指令碼。
如果密碼包含特殊字元,請參閱「處理特殊字元」。
建立名為 anonymizeData.bat 的批次 (BAT) 檔案,其包含下列指令碼,並將其儲存在方便的位置,例如,C:\automate_scripts。
@echo off
rem Wrapper for anonymizeData.ps1: checks that the three required arguments
rem are present, then hands every argument to the PowerShell script.
rem
rem Arguments: %1 user name, %2 password or password file, %3 URL,
rem            %4 optional e-mail address for the results.
rem
rem NOTE(review): the arguments are forwarded unchanged through %*, so a
rem password supplied in clear text appears on this command line (and in
rem whatever scheduler entry invokes this file). The syntax line below also
rem accepts a password file; prefer that form for scheduled runs.

set paramRequiredMessage=Syntax: anonymizeData.bat USERNAME PASSWORD/PASSWORD_FILE URL [EMAIL_TO_ADDRESS]

rem %~1 strips surrounding quotes, so an empty quoted argument counts as missing.
if "%~1" == "" (
    echo User Name is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

if "%~2" == "" (
    echo Password or Password_File is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

if "%~3" == "" (
    echo URL is missing.
    echo %paramRequiredMessage%
    exit /b 1
)

rem anonymizeData.ps1 is resolved relative to the current directory.
PowerShell.exe -File anonymizeData.ps1 %*
建立名為 anonymizeData.ps1 的 PowerShell 指令碼 (PS1) 檔案,其包含下列指令碼,並將其儲存在方便的位置,例如,C:\automate_scripts。
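# Anonymize data script
#
# Downloads each access log and activity report listed by EPM Automate,
# replaces user IDs with XXXXX, uploads the masked copies in place of the
# originals and, when an e-mail address is supplied, mails the run log.
#
# Positional arguments:
#   0 - user name
#   1 - password or password file
#   2 - URL
#   3 - e-mail address to send the log to (optional)
$username=$args[0]
$password=$args[1]
$url=$args[2]
$emailtoaddress=$args[3]

# Generic variables
$date=$(get-date -f dd_MM_yy_HH_mm_ss)
$datedefaultformat=$(get-date)
$logdir="./logs/"
$logfile="$logdir/anonymize-data-" + $date + ".log"
$filelist="filelist.txt"

# Appends one message to the log file.
function LogMessage
{
    $message=$args[0]

    echo "$message" >> $logfile
}

# Writes one message to the console and appends it to the log file.
function EchoAndLogMessage
{
    $message=$args[0]

    echo "$message"
    echo "$message" >> $logfile
}

# Creates the log directory if needed and removes a stale log file or
# file list left under the same name.
function Init
{
    $logdirexists=Test-Path $logdir
    if (!($logdirexists)) {
        mkdir $logdir 2>&1 | out-null
    }

    $logfileexists=Test-Path $logfile
    if ($logfileexists) {
        rm $logfile 2>&1 | out-null
    }

    $filelistexists=Test-Path $filelist
    if ($filelistexists) {
        rm $filelist 2>&1 | out-null
    }
}

# Runs one EPM Automate operation (all arguments are passed through) and
# records it in the log file.
function ProcessCommand
{
    $op=$args

    # The log file is later uploaded and e-mailed by callSendMail, so the
    # login secret must never be written to it or echoed to the console.
    # Only the text that is logged is masked; epmautomate.bat still
    # receives the real arguments.
    if ($op[0] -eq 'login') {
        $displayop="login $($op[1]) ******** $($op[3])"
    } else {
        $displayop="$op"
    }

    echo "EPM Automate operation: epmautomate.bat $displayop" >> $logfile

    # Compare the operation name only; comparing the whole argument array
    # would also match when any later argument equals 'listfiles'.
    if ($op[0] -eq 'listfiles') {
        # Keep only the access log archives, save them to the file list
        # for ProcessFiles and append the same lines to the log.
        epmautomate.bat $op | where {$_ -like ' apr/*/access_log.zip'} | Tee-Object -FilePath $filelist | Out-File $logfile -Append 2>&1
    } else {
        epmautomate.bat $op >> $logfile 2>&1
        if ($LASTEXITCODE -ne 0) {
            # The failure is reported but the script carries on; the exit
            # at this point is disabled in the original script.
            echo "EPM Automate operation failed: epmautomate.bat $displayop. See $logfile for details."
            #exit
        }
    }
}

# Logs in, lists the files, processes every listed access log and logs out.
function RunEpmAutomateCommands
{
    EchoAndLogMessage "Running EPM Automate commands to anonymize data in the access logs and activity reports."
    ProcessCommand login $username $password $url
    ProcessCommand listfiles
    ProcessFiles
    ProcessCommand logout
}

# Replaces every occurrence of one user ID in an activity report with XXXXX.
#   args[0] - path of the activity report
#   args[1] - user ID to mask
function ProcessActivityReport
{
    $activityreport=$args[0]
    $user=$args[1]

    $activityreportexists=Test-Path "$activityreport"
    if ($activityreportexists) {
        # NOTE(review): this message stores the unmasked user ID in the
        # local log, which callSendMail later uploads and e-mails. Restrict
        # access to the log directory and the recipient accordingly, or
        # drop the ID from the message if the log must stay free of it.
        LogMessage "Removing User ID: $user from activity report $activityreport"
        # String.Replace is a literal replacement, so characters in the
        # user ID are not interpreted as a pattern.
        (Get-Content "$activityreport").replace("$user", 'XXXXX') | Set-Content "$activityreport"
        # Rewrite the file with LF line endings.
        $txt = [io.file]::ReadAllText("$activityreport") -replace "`r`n","`n"
        [io.file]::WriteAllText("$activityreport", $txt)
    }
}

# Masks the user column of one access log and then the same user IDs in
# the matching activity report.
#   args[0] - top-level directory taken from the file list
#   args[1] - date-stamp directory below it
function AnonymizeData
{
    $aprdir=$args[0]
    $datestampdir=$args[1]
    $path="$aprdir/$datestampdir"
    $accesslogzipped="access_log.zip"
    $accesslog="access_log.csv"
    $accesslogupdated=$accesslog + ".tmp"
    $activityreportfile="$datestampdir" + ".html"
    $userArray = @()

    expand-Archive -Path "$path/$accesslogzipped" -DestinationPath $path
    rm $path/$accesslogzipped 2>&1 | out-null

    $accesslogexists=Test-Path "$path/$accesslog"
    if ($accesslogexists) {
        EchoAndLogMessage "Processing access log: $path/$accesslog"
        Get-Content $path/$accesslog | ForEach-Object {
            # Split on commas that are not inside a double-quoted field.
            $elements=[regex]::Split( $_ , ',(?=(?:[^"]|"[^"]*")*$)' )
            $date=$elements[0]
            $time=$elements[1]
            $uri=$elements[2]
            $duration=$elements[3]
            $bytes=$elements[4]
            $ip=$elements[5]
            $user=$elements[6]
            $screen=$elements[7]
            $action=$elements[8]
            $object=$elements[9]

            if ($date -like 'Date') {
                # Header row: copied unchanged.
                echo "$_" >> $path/$accesslogupdated
            } else {
                if ($user -notlike '-') {
                    # NOTE(review): as in ProcessActivityReport, this puts
                    # the unmasked user ID into the log that is later
                    # uploaded and e-mailed.
                    LogMessage "Removing instance of User ID: $user from $path/$accesslog."
                    echo "$date,$time,$uri,$duration,$bytes,$ip,XXXXX,$screen,$action,$object" >> $path/$accesslogupdated
                    # Remember the ID so it can be masked in the activity report.
                    $userArray += $user
                } else {
                    echo "$date,$time,$uri,$duration,$bytes,$ip,$user,$screen,$action,$object" >> $path/$accesslogupdated
                }
            }
        }

        # Rewrite the masked log with LF line endings, swap it in for the
        # original and re-create the archive.
        $txt = [io.file]::ReadAllText("$path/$accesslogupdated") -replace "`r`n","`n"
        [io.file]::WriteAllText("$path/$accesslogupdated", $txt)
        mv -Force $path/$accesslogupdated $path/$accesslog
        Compress-Archive -Path $path/$accesslog $path/$accesslogzipped
        rm $path/$accesslog 2>&1 | out-null
    }

    EchoAndLogMessage "Processing activity report: $path/$activityreportfile"
    $userArray = $userArray | Select-Object -Unique
    foreach ($element in $userArray) {
        ProcessActivityReport "$path/$activityreportfile" "$element"
    }
}

# Walks the file list written by ProcessCommand listfiles. For every entry
# whose local directory does not exist yet: download the access log and
# activity report, mask them, delete the originals from the service and
# upload the masked copies.
function ProcessFiles
{
    # Loop through iteration csv file and parse
    Get-Content $filelist | ForEach-Object {
        $fullpath=$_.trim()
        $elements=$fullpath.split('/')
        $aprdir=$elements[0]
        $datestampdir=$elements[1]
        $accesslogfile="access_log.zip"
        $activityreportfile="$datestampdir" + ".html"
        $datestampdirexists=Test-Path "$aprdir/$datestampdir"
        $accesslog="$aprdir/$datestampdir/$accesslogfile"
        $activityreport="$aprdir/$datestampdir/$activityreportfile"

        echo "fullpath: $fullpath" >> $logfile
        echo "aprdir: $aprdir, datestampdir: $datestampdir" >> $logfile

        # An existing local directory marks the entry as already processed.
        if (!($datestampdirexists)) {
            mkdir "$aprdir/$datestampdir" -ea 0 2>&1 | out-null
            ProcessCommand downloadfile "$accesslog"
            ProcessCommand downloadfile "$activityreport"
            mv "$accesslogfile" "$aprdir/$datestampdir"
            mv "$activityreportfile" "$aprdir/$datestampdir"
            AnonymizeData "$aprdir" "$datestampdir"
            ProcessCommand deletefile "$accesslog"
            ProcessCommand deletefile "$activityreport"
            ProcessCommand uploadfile "$accesslog" "$aprdir/$datestampdir"
            ProcessCommand uploadfile "$activityreport" "$aprdir/$datestampdir"
        } else {
            EchoAndLogMessage "Files in directory $aprdir/$datestampdir were processed earlier. Skipping these files."
        }
    }
}

# When an e-mail address was supplied, uploads the log file, sends it as an
# attachment and deletes the uploaded copy again.
function callSendMail
{
    # Take the file name from the path itself instead of a fixed segment
    # index, so a change to $logdir cannot select the wrong segment.
    $logfilename=Split-Path -Leaf $logfile

    if (${emailtoaddress} -match "@") {
        epmautomate.bat login ${username} ${password} ${url}
        epmautomate.bat uploadFile "$logfile"
        epmautomate.bat sendMail $emailtoaddress "Mask Access Logs and Activity Reports results" Body="The results of running the Mask Access Logs and Activity Reports script are attached." Attachments=$logfilename
        epmautomate.bat deleteFile "$logfilename"
        epmautomate.bat logout
    }
}

Init
EchoAndLogMessage "Starting the anonymize data script"
RunEpmAutomateCommands
EchoAndLogMessage "Anonymize data script completed"
EchoAndLogMessage "Refer to logfile: $logfile for details."
callSendMail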
使用 Windows 排程器來排定 anonymizeData.bat。如需瞭解詳細步驟,請參閱「自動執行指令碼」。
anonymizeData.bat