-
Notifications
You must be signed in to change notification settings - Fork 23
/
Compress and Upload System Logs - Linux.bes
52 lines (46 loc) · 3.17 KB
/
Compress and Upload System Logs - Linux.bes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<Task>
<Title>Compress and Upload System Logs - Linux</Title>
<Description><![CDATA[<enter a description of the task here> ]]></Description>
<Relevance>unix of operating system</Relevance>
<Relevance>exists (folders "log" of it; /* Unix Log Folder: */ folders "adm" of it) of folders "/var"</Relevance>
<Relevance>exists files whose(exists (it as lowercase) whose(it starts with "audit" OR it starts with "auth" OR it starts with "messages") of name of it) of (folders "audit" of it; folders "authlog" of it; it) of (folders "log" of it; /* Unix Log Folder: */ folders "adm" of it) of folders "/var"</Relevance>
<Category></Category>
<Source>Internal</Source>
<SourceID></SourceID>
<SourceReleaseDate>2020-04-10</SourceReleaseDate>
<SourceSeverity></SourceSeverity>
<CVENames></CVENames>
<SANSID></SANSID>
<MIMEField>
<Name>x-fixlet-modification-time</Name>
<Value>Fri, 10 Apr 2020 16:12:18 +0000</Value>
</MIMEField>
<MIMEField>
<Name>X-Relevance-Evaluation-Period</Name>
<Value>12:00:00</Value>
</MIMEField>
<Domain>BESC</Domain>
<DefaultAction ID="Action1">
<Description>
<PreLink>Click </PreLink>
<Link>here</Link>
<PostLink> to deploy this action.</PostLink>
</Description>
<ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[
// get log paths:
// ("%22" & it & "%22") of concatenations "%22 %22" of pathnames of files whose(exists (it as lowercase) whose(it starts with "audit" OR it starts with "auth" OR it starts with "messages") of name of it) of (folders "audit" of it; folders "authlog" of it; it) of (folders "log" of it; /* Unix Log Folder: */ folders "adm" of it) of folders "/var"
parameter "archive"="{(current year as string) & (current month as two digits) & (current day_of_month as two digits)}_Events_And_Audit_Logs.tar.gz"
delete "/tmp/{ parameter "archive" }"
wait tar -czf "/tmp/{ parameter "archive" }" { ("%22" & it & "%22") of concatenations "%22 %22" of pathnames of files whose(exists (it as lowercase) whose(it starts with "audit" OR it starts with "auth" OR it starts with "messages") of name of it) of (folders "audit" of it; folders "authlog" of it; it) of (folders "log" of it; /* Unix Log Folder: */ folders "adm" of it) of folders "/var" }
if { not exists (it as integer) whose(it > 1000 + sum of sizes of files whose( name of it starts with (parameter "archive") ) of folders "/tmp") of values of settings "_BESClient_ArchiveManager_MaxArchiveSize" of client }
setting "_BESClient_ArchiveManager_MaxArchiveSize"="{1000 + sum of sizes of files whose( name of it starts with (parameter "archive") ) of folders "/tmp"}" on "{parameter "action issue date" of action}" for client
endif
setting "_BESClient_ArchiveManager_OperatingMode"="2" on "{parameter "action issue date" of action}" for client
setting "_BESClient_ArchiveManager_FileSet-Logs_{computer name}"="/tmp/{ parameter "archive" }" on "{parameter "action issue date" of action}" for client
archive now
]]></ActionScript>
</DefaultAction>
</Task>
</BES>