[HOW TO] Create a Scheduled Task to Automatically Rotate the Centrify Auditing Database

By Centrify ‎06-13-2018 02:08 PM

This TechBlog describes how to create a scheduled task that will automatically rotate the Centrify Auditing audit store database on the first day of each month. You can easily modify the command described below to suit your requirements.

 

 

Installing the Centrify DirectAudit SDK

 

The DirectAudit SDK installer is included with the Centrify Suite download, within the ..\DirectAudit\SDK directory. It is available in both .exe and .msi installer types.

 

SDK.png 

 

Run the Centrify DirectAudit SDK64.exe installer file, agree to the EULA, and click Next through to Finish to complete the installation.

 

API_Install_Finish.png

 

The Auditing SDK includes four sample scripts that can be modified to suit your requirements. For our purposes, we will focus on the db_rotation.vbs script. For more information on all of the sample scripts, please refer to the Database Management Guide.

 

The sample scripts are located in C:\Program Files\Centrify\Audit\Audit API for Windows\Samples.

 

Samples_Dir.png

 

Creating the Scheduled Task

 

Open a PowerShell command prompt as Administrator, and change the directory to the location of the sample scripts.

 

cd 'C:\Program Files\Centrify\Audit\Audit API for Windows\Samples'

 

Next, we run a command that will add the db_rotation.vbs script as a scheduled task called ‘rotate_database’. It’s a long command, but I will break it down so that you can easily modify it to match your environment.

 

Here is an example of what the command should look like:

 

schtasks.exe /Create /TN "rotate_database" /TR "cscript.exe 'C:\Program Files\Centrify\Audit\Audit API for Windows\Samples\db_rotation.vbs' DefaultInstallation Demo-Network@centrify.vms-AuditStore member.centrify.vms\CENTRIFY_SUITE AuditStore" /RU centrify\dbadmin /RP P4ssw0rd$ /RL Highest /SC Monthly /MO 1

 

The command contains the following components:

 

schtasks.exe /Create /TN <task_name> /TR <task_command> /RU <run_as_user> /RP <run_as_user_password> /RL <run_level> /SC <recurrence_rate> /MO <recurrence_increment>

 

Where

 

  • task_name: rotate_database

 

  • task_command: cscript.exe 'C:\Program Files\Centrify\Audit\Audit API for Windows\Samples\db_rotation.vbs' DefaultInstallation Demo-Network@centrify.vms-AuditStore member.centrify.vms\CENTRIFY_SUITE AuditStore

 

  • run_as_user: centrify\dbadmin

Note: I used a domain user (domain\user) for the run_as_user, but ‘NT AUTHORITY\SYSTEM’, or just ‘SYSTEM’ are also valid values.

 

  • run_as_user_password: P4ssw0rd$

Note: You must supply a password to enable the task to run even if the run as user is not logged in. If you choose to use ‘NT AUTHORITY\SYSTEM’ or ‘SYSTEM’, it does not require a password.

 

  • run_level: Highest

 

  • recurrence_rate: Monthly

 

  • recurrence_increment: 1

 

 

The task command consists of the following elements:

 

<parser> '<install_path>\<vbs_script>' <installation> <auditstore> <db_server> <db_prefix>

 

Where

 

  • parser: cscript.exe

 

  • install_path: C:\Program Files\Centrify\Audit\Audit API for Windows\Samples

 

  • vbs_script: db_rotation.vbs

 

  • installation: DefaultInstallation

 

  • auditstore: Demo-Network@centrify.vms-AuditStore

 

  • db_server: centrify.vms\CENTRIFY_SUITE

 

  • db_prefix: AuditStore

Note: The db_prefix value can be whatever you want to name the audit database. A date stamp will be attached to the db_prefix to compose the new database name.

  

You can easily determine the installation, auditstore, and db_server values by viewing the Centrify Audit Manager console. See below.

 

 Command_Breakdown.png

 

After running the command, you should receive a SUCCESS message.

 

SUCCESS.png 

 

You should now be able to view the newly created task in Task Scheduler.
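
A variant of the command above that keeps the run-as password out of the command line and shell history (an added example, not part of the original article or Centrify's samples; it reuses the article's sample values). It relies on schtasks.exe prompting for the password when /RP is given the value *, and it lists the ACL on the script because the task runs that file at the highest run level.

```powershell
# Added example: same task as in the article, created without typing the
# password on the command line. All values are the article's sample values.
$taskName  = 'rotate_database'
$samples   = 'C:\Program Files\Centrify\Audit\Audit API for Windows\Samples'
$vbsPath   = Join-Path $samples 'db_rotation.vbs'
$runAsUser = 'centrify\dbadmin'

# <installation> <auditstore> <db_server> <db_prefix>, in the order shown in the breakdown
$scriptArgs = @(
    'DefaultInstallation'
    'Demo-Network@centrify.vms-AuditStore'
    'member.centrify.vms\CENTRIFY_SUITE'
    'AuditStore'
) -join ' '

# Fail early if the script path is wrong, before a task pointing at it is registered
if (-not (Test-Path -LiteralPath $vbsPath -PathType Leaf)) {
    throw "Script not found: $vbsPath"
}

# The task executes this file with the highest run level, so review who holds
# rights on it; Write or Modify for a non-administrative identity should be removed
(Get-Acl -LiteralPath $vbsPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# '/RP *' makes schtasks.exe prompt for the run-as password interactively
$taskCommand = "cscript.exe '$vbsPath' $scriptArgs"
schtasks.exe /Create /TN $taskName /TR $taskCommand /RU $runAsUser /RP '*' /RL Highest /SC Monthly /MO 1
if ($LASTEXITCODE -ne 0) {
    throw "schtasks.exe /Create failed with exit code $LASTEXITCODE"
}

# Show the registered task in full so the run-as user, command line and
# schedule can be compared with what was intended
schtasks.exe /Query /TN $taskName /V /FO LIST
```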

 

 Task_Scheduler.png

 

After the task runs, the newly created database is marked as active. The database that has been rotated out will remain attached. By default, the script is configured to detach rotated databases that are older than two years.

 

After_rotation.png 

 

If you right-click on the rotated database within the Centrify Audit Manager, you can choose to detach or delete it.

 

detach_delete.png 

 

You can download this article in PDF format below.

Comments
By Centrify Guru I
‎06-19-2018 04:57 PM

@Justin_Whyte,

 

To add to your article and to promote a best practice (never embed passwords within scripts), you can use our Centrify Privilege Service/Privilege Access Service to eliminate passwords from your scripts.

 

You have two approaches, or you can combine them:

 

a) You can onboard the Scheduled Task as a "Service" in CPS/PAS.

  • Create a Multiplex Account.
  • Onboard your service in CPS.
  • Push Password Management.

At this point you have secured the service with Privilege Access Service.

 

service.png

b) You can enroll the system running your scheduled task into CPS (using Enroll-CIPSystem) and have your script retrieve the password from the vault (using Get-CIPAccount).

  • Register your service system with Privilege Access Service.
  • Grant the system identity the ability to check out the password.
  • Substitute the line with the password with the "Get-CIPAccount" command.

 

More details here:  https://community.centrify.com/t5/TechBlog/Labs-How-to-check-out-passwords-from-the-CLI-using-Centri...

 

We can expand on this in a part II of this article. Happy to cooperate with you on this.

 

R.P
