https://docs.jumpserver.org/zh/master/dev/rest_api/
jumpserver版本:>=2.6.0脚本获取命令记录转日志文件处理方式:
首次运行时,判断日志文件是否为空
日志文件为空时拉取所有的命令记录保存到日志文件
日志文件不为空时拉取5分钟前的命令记录,如果获取数据不为空则写入文件
logfile
command_storage_id
jms_url
username
password
脚本中的变量command_storage_id的值如何获取:
# -*- coding:utf-8 -*-
'''
@Author: l
@File: jumservertest.py
@CreateTime: 2022/5/5 11:00
'''
import datetime
import requests, json
import logging
from os import path
import json
# 定义日志保留路径
logfile = '/data/logs/jumpserver.log'
#存储位置ID
command_storage_id = '45e831e7-0e92-4c8c-a400-1ae852d837bb'
#定义日志格式
logging.basicConfig(filename=logfile,
format='%(levelname)s: %(message)s',
datefmt='%Y-%m-%d %H:%M:%S',
level=20)
def get_token(jms_url, username, password):
url = jms_url + '/api/v1/authentication/auth/'
query_args = {
"username": username,
"password": password
}
response = requests.post(url, data=query_args)
return json.loads(response.text)['token']
def get_cammand_log(jms_url, token):
url = jms_url + '/api/v1/terminal/commands/'
times = (datetime.datetime.now() - datetime.timedelta(minutes=5)).strftime("%Y-%m-%dT%H:%M")
headers = {
"Authorization": 'Bearer ' + token,
'X-JMS-ORG': '00000000-0000-0000-0000-000000000002',
}
data = {
'command_storage_id': command_storage_id,
'order': 'timestamp',
'date_from': times
}
datainit = {
'command_storage_id': command_storage_id,
'order': 'timestamp',
}
paramdata = data if path.getsize(logfile) else datainit
response = requests.get(url, headers=headers, params=paramdata)
if response.json():
for data in response.json():
item=json.dumps(data, ensure_ascii=False)
item=eval(item)
logging.info(
'{},{},{},{},{},{},{}'.format(item.get('input'), item.get('risk_level_display'), item.get('user'),
item.get('remote_addr'),
item.get('asset'), item.get('system_user'),
item.get('timestamp_display')))
else:
print('no recored')
if __name__ == '__main__':
jms_url = 'http://ip'
username = '账号'
password = '密码'
token = get_token(jms_url, username, password)
get_cammand_log(jms_url, token)
生成日志文件格式如下:
