Retrieving Azure Audit Log API Using Python
Pada posting berjudul "Retrieving Azure Audit Log API Using Python" ini akan saya bagikan script untuk mendapatkan data analytical log di Azure. Biasanya menggunakan PowerShell untuk mendapatkan data audit log tetapi pada posting kali ini kita akan memanggil API yang telah disediakan.
Yang perlu kita lakukan adalah melakukan login untuk mendapatkan token. Kemudian token tersebut kita gunakan sebagai header authorization.
Hasil dari API pertama akan menghasilkan banyak link API lain yang berisi konten data. Sehingga kita perlu memanggil setiap link tersebut agar konten data dapat diambil dengan menggunakan token yang sama seperti API pertama.
Dibawah ini script sample-nya yang langsung disimpan kedalam SQL Server Database.
import urllib
import json
import time
import requests
import pyodbc
from datetime import datetime, timedelta
#reference : https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#StartSubscription
url = 'https://login.windows.net/xxxxx.onmicrosoft.com/oauth2/token?api-version=1.0'
print("Requesting token ... please wait!")
print("")
cdate = datetime.now().strftime("%Y/%m/%d %H:%M:%S")
data = {
'grant_type':'client_credentials',
'scope':'openid',
'resource':'https://manage.office.com',
'client_id':'xxxxx',
'client_secret': 'xxxxx'
}
response = requests.post(url,data=data).json()
access_token = response['access_token']
print("Token ", response)
print("")
print("Requesting audit log data ... please wait!")
print("")
logname = r"Audit.General"
date_param = (datetime.today() - timedelta(days=1)).strftime("%Y-%m-%d")
url = 'https://manage.office.com/api/v1.0/xxxxx/activity/feed/subscriptions/content?contenttype=' + \
logname + '&startTime=' + date_param + 'T00:00:00&endTime=' + date_param + 'T23:59:59&PublisherIdentifier=ae6627ad-4b20-466d-821c-fd9ee7a25a55'
header = {'Content-Type': 'application/json; utf-8', 'Authorization': 'Bearer %s' % (access_token)}
response = requests.get(url, headers=header)
print("Response Status", response.status_code)
data = json.loads(response.text)
list_detail = []
def get_data(url, access_token):
header = {'Content-Type': 'application/json; utf-8', 'Authorization': 'Bearer %s' % (access_token)}
response = requests.get(url, headers=header)
print("Saving log into database ....")
data = response.text.split('},')
for item in data:
save_into_sql(item.replace('{"', '"').replace("[","").replace("}]",""), cdate)
def save_into_sql(log, date):
try:
server = 'xxxxx.database.windows.net'
database = 'xxxxx'
username = 'xxxxx'
password = 'xxxxx'
driver = '{ODBC Driver 17 for SQL Server}'
connection = pyodbc.connect('DRIVER=' + driver + ';SERVER=' + server + ';PORT=1433;DATABASE=' + database + ';UID=' + username + ';PWD=' + password)
cursor = connection.cursor()
cursor.execute("insert into history.audit_log_general values ('" + log + "','" + date + "');")
connection.commit()
except Exception as e:
print(e)
n = 1
total = len(data)
for item in data:
print("(" + str(n) + "/" + str(total) + ")")
print("Retrieving from ...", item['contentUri'])
get_data(item['contentUri'], access_token)
print("")
print("Pause for a second ....")
time.sleep(2)
print("")
import json
import time
import requests
import pyodbc
from datetime import datetime, timedelta
#reference : https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#StartSubscription
url = 'https://login.windows.net/xxxxx.onmicrosoft.com/oauth2/token?api-version=1.0'
print("Requesting token ... please wait!")
print("")
cdate = datetime.now().strftime("%Y/%m/%d %H:%M:%S")
data = {
'grant_type':'client_credentials',
'scope':'openid',
'resource':'https://manage.office.com',
'client_id':'xxxxx',
'client_secret': 'xxxxx'
}
response = requests.post(url,data=data).json()
access_token = response['access_token']
print("Token ", response)
print("")
print("Requesting audit log data ... please wait!")
print("")
logname = r"Audit.General"
date_param = (datetime.today() - timedelta(days=1)).strftime("%Y-%m-%d")
url = 'https://manage.office.com/api/v1.0/xxxxx/activity/feed/subscriptions/content?contenttype=' + \
logname + '&startTime=' + date_param + 'T00:00:00&endTime=' + date_param + 'T23:59:59&PublisherIdentifier=ae6627ad-4b20-466d-821c-fd9ee7a25a55'
header = {'Content-Type': 'application/json; utf-8', 'Authorization': 'Bearer %s' % (access_token)}
response = requests.get(url, headers=header)
print("Response Status", response.status_code)
data = json.loads(response.text)
list_detail = []
def get_data(url, access_token):
header = {'Content-Type': 'application/json; utf-8', 'Authorization': 'Bearer %s' % (access_token)}
response = requests.get(url, headers=header)
print("Saving log into database ....")
data = response.text.split('},')
for item in data:
save_into_sql(item.replace('{"', '"').replace("[","").replace("}]",""), cdate)
def save_into_sql(log, date):
try:
server = 'xxxxx.database.windows.net'
database = 'xxxxx'
username = 'xxxxx'
password = 'xxxxx'
driver = '{ODBC Driver 17 for SQL Server}'
connection = pyodbc.connect('DRIVER=' + driver + ';SERVER=' + server + ';PORT=1433;DATABASE=' + database + ';UID=' + username + ';PWD=' + password)
cursor = connection.cursor()
cursor.execute("insert into history.audit_log_general values ('" + log + "','" + date + "');")
connection.commit()
except Exception as e:
print(e)
n = 1
total = len(data)
for item in data:
print("(" + str(n) + "/" + str(total) + ")")
print("Retrieving from ...", item['contentUri'])
get_data(item['contentUri'], access_token)
print("")
print("Pause for a second ....")
time.sleep(2)
print("")
Semoga posting berjudul "Retrieving Azure Audit Log API Using Python" diatas dapat bermanfaat.
Salam,
