
VIP Authentication Hub : Export VIP Authentication Hub audit logs


Article ID: 254201




VIP Authentication Hub


There is no option in VIP Auth Hub to export all the audit logs to a file.

For auditing purposes, all logs available in VIP Auth Hub need to be exported. What are the available options?


Release: AuthHub Release October.01.2022 (M9)


The following open source tool can help export the logs:

Export data from ElasticSearch to CSV by raw or Lucene query (e.g. from Kibana). Works with ElasticSearch 6+ (OpenSearch works too) and makes use of ElasticSearch's Scroll API and Go's concurrency to work as fast as possible.

Download a pre-compiled binary for your operating system from here. You need just this binary; it works on OSX (Darwin), Linux and Windows.

es-query-export -c "http://localhost:9200" -i "logstash-*" --start="2019-04-04T12:15:00" --fields="RemoteHost,RequestTime,Timestamp,RequestUri,RequestProtocol,Agent" -q "RequestUri:*export*"
CLI Options

  Flag              Default                Description
  -h --help                                show help
  -v --version                             show version
  -c --connect      http://localhost:9200  URI of the ElasticSearch instance
  -i --index        logs-*                 name of the index to use; use the globbing character * to match multiple indices
  -q --query                               Lucene query to match documents (same as in Kibana)
     --fields                              comma-separated list of fields to export
  -o --outfile      output.csv             name of the output file
  -f --outformat    csv                    format of the output data: csv, json or raw
  -r --rawquery                            optional raw ElasticSearch query JSON string
  -s --start                               optional start date, format YYYY-MM-DDThh:mm:ss.SSSZ or any other Elasticsearch default format
  -e --end                                 optional end date, same formats as --start
     --timefield    @timestamp             optional time field to use
     --verifySSL    true                   optional, defines how to handle SSL certificates
     --user                                optional username
     --pass                                optional password
     --size         1000                   size of the scroll window; a larger window makes the export faster but puts more pressure on your nodes
     --trace        false                  enable trace mode to debug the queries sent to ElasticSearch
Output Formats

  csv  - all or selected fields separated by comma (,), with field names in the first line
  json - all or selected fields as JSON objects, one per line
  raw  - JSON dump of matching documents including id, index and the _source field containing the document data; one document as a JSON object per line

The following is a sample command tested in the VIP Auth Hub lab environment. The -c value (the URI of the ElasticSearch instance) is blank here and must be filled in for your deployment; --size=10000 widens the scroll window, so watch the load on your nodes as noted above. The exported file contains authentication audit data and should be stored with the same access controls as the source indices.

elastic-query-export -c "" -i "ssp_*" --start="2022-11-08T06:33:57.544Z" -q "*" --size=10000
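The scroll-based export the tool performs, written out as an added Python example (not the article's or the tool's code): a time-range query over the ssp_* indices from the sample command, paged through the Elasticsearch Scroll API and written as JSON lines. The cluster URI, time field and output file name are assumptions; the index pattern and start time are taken from the sample command.

```python
import json
import urllib.request

def build_query(start, end=None, timefield="@timestamp", lucene="*"):
    """Range filter plus Lucene query, mirroring --start/--end/--timefield/-q.
    Sorting on _doc is the cheapest order for a scroll, which is all an export needs."""
    rng = {"gte": start}
    if end:
        rng["lte"] = end
    return {"query": {"bool": {"filter": [{"range": {timefield: rng}},
                                          {"query_string": {"query": lucene}}]}},
            "sort": ["_doc"]}

def scroll_all(post, index, body, size=1000, keepalive="2m"):
    """Page through every hit with the Scroll API and yield each _source. post(path, body,
    method) is injected so paging is testable offline; the scroll context is released at the end."""
    page = post(f"/{index}/_search?scroll={keepalive}", dict(body, size=size))
    sid = page.get("_scroll_id")
    try:
        while page["hits"]["hits"]:
            for hit in page["hits"]["hits"]:
                yield hit["_source"]
            page = post("/_search/scroll", {"scroll": keepalive, "scroll_id": sid})
            sid = page.get("_scroll_id", sid)
    finally:
        if sid:
            post("/_search/scroll", {"scroll_id": sid}, "DELETE")

def http_poster(base_url):
    """Minimal JSON-over-HTTP client; TLS verification stays at urllib's default (on)."""
    def post(path, body, method="POST"):
        req = urllib.request.Request(base_url + path, data=json.dumps(body).encode(),
                                     headers={"Content-Type": "application/json"}, method=method)
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return post

def export_jsonl(docs, path):
    """One JSON object per line (the tool's 'json' format); returns the document count."""
    count = 0
    with open(path, "w", encoding="utf-8") as fh:
        for count, doc in enumerate(docs, 1):
            fh.write(json.dumps(doc) + "\n")
    return count

if __name__ == "__main__":
    # Assumed lab cluster URI; index pattern and start time are from the article's sample command.
    post = http_poster("http://localhost:9200")
    docs = scroll_all(post, "ssp_*", build_query("2022-11-08T06:33:57.544Z"), size=10000)
    print(export_jsonl(docs, "authhub-audit.jsonl"), "documents exported")
```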

Another similar tool is elasticsearch-dump.