Parsing HAR-formatted audit log files - PingAccess - 8.0

Reformat a snapshot instance of a HAR-formatted audit log file so that you can view it or parse it with an HTTP Archive (HAR) reader.

Remember:

Before sharing any HAR data with a third-party application, carefully review the third-party application's permissions and sanitize any potentially sensitive information out of the log files.

  1. Download the jq command-line tool from https://stedolan.github.io/jq/download/.

    Select a jq version for the operating system that you deployed your PingAccess environment on.

    For more information on PingAccess operating system requirements, see System requirements.

  2. Create a file called pa-har-merge.jq with the following contents:

    {
      log: {
        version: .[0].log.version,
        creator: .[0].log.creator,
        entries: (reduce .[] as $entry ([]; . + ($entry.log.entries | map(. + { _metadata: $entry.log._metadata }))))
      }
    }

    For examples of how to parse the PingAccess HAR-formatted log files with pa-har-merge.jq, see the following commands. These examples assume that:

    • You've set PA_HOME and PA_HAR_MERGE_HOME as environment variables that define the base paths to the PingAccess instance and the pa-har-merge.jq file, respectively.
    • You're attempting to parse the HAR-formatted API audit log file.

    To filter requests based on request URL, run the command:

    cat $PA_HOME/log/pingaccess_api_audit_har.log | jq -s -f $PA_HAR_MERGE_HOME/pa-har-merge.jq | jq '.log.entries = [ .log.entries[] | select(.request.url != "/pa-admin-api/v3/adminSessionInfo/checkOnly") ]'

    To output the HAR-formatted log file into a file format that's usable with a standard HAR viewer, run the command:

    cat $PA_HOME/log/pingaccess_api_audit_har.log | jq -s -f $PA_HAR_MERGE_HOME/pa-har-merge.jq > log.har

    Note:

    View the output log.har file with a standard HAR viewer, such as browser dev tools or the HTTP Archive Viewer.
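
The merge step and the sanitization reminder above, combined in an added Python example (not part of the PingAccess documentation or product): it reproduces what pa-har-merge.jq does and then redacts credentials before the file is shared. The list of sensitive header names, the redaction marker and the sample log are assumptions made for illustration.

```python
import json
REDACTED = "REDACTED"
# Assumption: header names treated as sensitive; extend for your deployment.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Constructed sample: two concatenated HAR documents. Field values and the
# _metadata contents are invented placeholders, not real PingAccess output.
SAMPLE_LOG = (
    '{"log":{"version":"1.2","creator":{"name":"sample"},"_metadata":{"n":1},"entries":['
    '{"request":{"url":"/pa-admin-api/v3/applications","headers":['
    '{"name":"Authorization","value":"Basic constructed"}]},"response":{"headers":['
    '{"name":"Set-Cookie","value":"session=constructed"}]}}]}}\n'
    '{"log":{"version":"1.2","creator":{"name":"sample"},"_metadata":{"n":2},"entries":['
    '{"request":{"url":"/pa-admin-api/v3/sites","cookies":[{"name":"session",'
    '"value":"constructed"}],"postData":{"text":"secret=constructed"}}}]}}\n'
)

def read_snapshots(text):
    """Parse back-to-back JSON documents, the input that `jq -s` slurps."""
    decoder, pos, docs = json.JSONDecoder(), 0, []
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        doc, pos = decoder.raw_decode(text, pos)
        docs.append(doc)
    return docs

def merge(docs):
    """Mirror pa-har-merge.jq: one log, each entry tagged with its snapshot's _metadata."""
    entries = [{**e, "_metadata": d["log"].get("_metadata")}
               for d in docs for e in d["log"].get("entries", [])]
    return {"log": {"version": docs[0]["log"].get("version"),
                    "creator": docs[0]["log"].get("creator"), "entries": entries}}

def sanitize(har):
    """Redact sensitive headers, cookie values and request bodies in place."""
    for entry in har["log"]["entries"]:
        for msg in (entry.get("request") or {}, entry.get("response") or {}):
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
            if "text" in (msg.get("postData") or {}):
                msg["postData"]["text"] = REDACTED
    return har

if __name__ == "__main__":
    print(json.dumps(sanitize(merge(read_snapshots(SAMPLE_LOG))), indent=2))
```

Query strings in request URLs and response bodies are left untouched here; review them separately if they can carry tokens in your deployment.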