Merge pull request #97 from sk-keeper/dev/sk

Bug fix: Export audit events to Splunk
Keeper-Security · Nov 2, 2018 · 53397e7 · 53397e7
2 parents f1c8d88 + 2c204fd
commit 53397e7
Showing 1 changed file with 15 additions and 16 deletions.
diff --git a/keepercommander/commands/enterprise.py b/keepercommander/commands/enterprise.py
@@ -1128,22 +1128,21 @@ def execute(self, params, **kwargs):
 
             if len(events) == 0:
                 finished = True
-            if finished or len(events) >= 500:
-                if len(events) > 0:
-                    if target == 'splunk':
-                        auth = { 'Authorization': 'Splunk {0}'.format(props['token']) }
-                        try:
-                            logging.captureWarnings(True)
-                            rs = requests.post(props['hec_url'], data='\n'.join(events), headers=auth, verify=False)
-                        finally:
-                            logging.captureWarnings(False)
-
-                        if rs.status_code == 200:
-                            store_record = True
-                        else:
-                            finished = True
-                    count += len(events)
-                    events.clear()
+            if len(events) > 0:
+                if target == 'splunk':
+                    auth = { 'Authorization': 'Splunk {0}'.format(props['token']) }
+                    try:
+                        logging.captureWarnings(True)
+                        rs = requests.post(props['hec_url'], data='\n'.join(events), headers=auth, verify=False)
+                    finally:
+                        logging.captureWarnings(False)
+
+                    if rs.status_code == 200:
+                        store_record = True
+                    else:
+                        finished = True
+                count += len(events)
+                events.clear()
 
         if store_record:
             print('Exported {0} audit event{1}'.format(count, 's' if count != 1 else ''))