Introduction

  • Users might be interested in automatically receiving reports about the JS7 - Audit Log that state what changes have been applied to scheduling objects, at what date and time, by whom and for what reason.
    • Such reports include similar information to that which is available from the JOC Cockpit's Audit Log view.
    • The reports are provided as Excel® files similar to those which are available for export from the JOC Cockpit Audit Log view.
  • Such reports can be scheduled, for example on a daily basis, to provide ongoing information about changes to scheduling objects.

Report the Audit Log from a Job

Audit Log reports can be automated by by JS7 jobs. The following PowerShell modules are used for this purpose:

The Get-JS7AuditLog cmdlet is used to retrieve Audit Log items and to forward them to the ImportExcel module within a job. The job is the same for Windows and Unix.

A sample report is available for download that also includes the report's Audit-Log worksheet: jobscheduler_reporting.xlsx

First Line of the Job

The only difference between platforms is the way how PowerShell is invoked with the first line of the job.

Shebang for PowerShell Job with Unix
#!/usr/bin/env pwsh

Explanation:

  • Use of a shebang allows to invoke the pwsh PowerShell executable.


Shebang for PowerShell Job with Windows
@@setlocal enabledelayedexpansion & set f=%RANDOM%.ps1 & @@findstr/v "^@@[fs].*&" "%~f0" > !f! & powershell.exe -NonInteractive -File !f! & set e=!errorlevel! & del /q !f! & exit !e!/b&

Explanation:

  • Credits for the Windows shebang replacement to How to run a PowerShell script within a Windows batch file
  • If you consider this shebang replacement somewhat cryptic then add it to JS7 - Script Includes which are easily referenced from a shell job, for example, by using ##!include pwsh
  • The PowerShell executable pwsh.exe is available starting from PowerShell 6.0. PowerShell releases 5.x use the executable powershell.exe that can be specified accordingly with the shebang.

Job Implementation

Please note that the job listed below is an example that has to be modified for your environment.

Download (.json upload)jdAuditLogReport.workflow.json


Audit Log Report Job
@@findstr/v "^@@f.*&" "%~f0"|pwsh.exe -&goto:eof

Import-Module ImportExcel
Import-Module JS7

$credentials = ( New-Object -typename System.Management.Automation.PSCredential -ArgumentList 'root', ( 'root' | ConvertTo-SecureString -AsPlainText -Force) )
Connect-JS7 -Url $env:JS7_JOC_URL -Credentials $credentials -Id $env:JS7_CONTROLLER_ID | Out-Null

# Dates in local time zone, output includes local date format
Get-JS7AuditLog -Timezone (Get-Timezone) `
                |  Select-Object -Property @{name="Account"; expression={$_.account}}, `
                                           @{name="Category"; expression={$_.category}}, `
                                           @{name="Controller ID"; expression={$_.controllerId}}, `
                                           @{name="ID"; expression={$_.id}}, `
                                           @{name="Parameters"; expression={$_.parameters}}, `
                                           @{name="Request"; expression={$_.request}}, `
                                           @{name="Created"; expression={(Get-Date $_.created)}} `
                | Export-Excel -Path /tmp/jobscheduler_reporting.xlsx -WorksheetName "Audit-Log" -ClearSheet
							
Write-Output ".. report created: /tmp/jobscheduler_reporting.xlsx"

Explanation:

  • Line 1: The job is executed by a Windows Agent and makes use of the PowerShell shebang for Windows, as explained above.
  • Line 3-4: The required PowerShell modules are imported. They could be installed in any location in the file system.
  • Line 6-7: The Connect-JS7 cmdlet is used to authenticate with the JS7 REST Web Service API. The arguments required for -Url , -Credentials and -Id can be specified in a number of ways:
  • Line 10: The Get-JS7AuditLog cmdlet is invoked:
    • with the -Timezone parameter which specifies the time zone to which date values in the report should be converted. The -Timezone (Get-Timezone) parameter value specifies that the time zone of the Agent's server is used. Otherwise the desired time zone can be specified, for example like this: -Timezone (Get-Timezone -Id 'GMT Standard Time'). When this parameter is not specified then any date values will be stored in the report as UTC dates.
    • optionally with additional parameters, for example to specify the date or date range which the report is being created for.  A value -RelativeDateTo +7d specifies that the report should cover the next 7 days (until midnight). Keep in mind that dates have to be specified for the UTC time zone. Without this parameter the report will be created for the next day.
    • see the Get-JS7AuditLog cmdlet for a full parameter reference.
  • Line 11-17: From the output of the Get-JS7AuditLog cmdlet a number of properties are selected and and are specified for the sequence in which they should occur in the report. 
    • To add more appropriate column headers the property names are mapped to a more readable textual representation.
    • Note the handling of date formats in line 17. Use of the Get-Date cmdlet converts the output format of dates (not the time zone) to the default format that is in place on the Agent's server. Without using the Get-Date cmdlet any date values will be stored to the report in ISO format, e.g. 2020-12-31 10:11:12+02:00 for a date in the European central time zone that is UTC+1 in winter time and UTC+2 in summer time.
  • Line 18: The list of properties for each Audit Log item is piped to the Export-Excel cmdlet which is available with the ImportExcel PowerShell Module. The report file name is specified and optionally the worksheet. For a full list of parameters see the ImportExcel PowerShell Module article.

Further Resources

  • The Audit Log Report does not include login/logout information for user accounts. In some countries such information is subject to data protection laws. Therefore this information is available exclusively with a log file that is accessible to system administrators and that can be used in compliance with applicable law.
  • Reporting is by nature about the past. Users who look for in-real time information can consider reporting Audit Log output directly to a syslog server.