const _ = require("lodash");
const async = require("async");
const azureArmManagementGroup = require("@azure/arm-managementgroups");
const azureMsRest = require("@azure/ms-rest-js");
const providerCredentials = require("./credentials");
const util = require("util");
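/**
 * Pages through the management event list (microsoft.insights
 * eventtypes/management/values) and prints the request count, the event
 * count and the distinct lower-cased operation names.
 *
 * Failures are caught and logged, so the returned promise does not reject.
 *
 * @param {{duration?: number, window?: number}} $ - Look-back window in
 *   minutes, read from `duration` (`window` is accepted as a fallback).
 *   Without a positive number the filter starts at the current time.
 * @returns {Promise<void>}
 */
async function listEvents($) {
  try {
    const credentials = await providerCredentials.credentials();
    const tokenCreds = new azureMsRest.TokenCredentials(credentials.token);
    const client = new azureArmManagementGroup.ManagementGroupsAPI(tokenCreds, {
      baseUri: credentials.resourceUri
    });

    // The original tested `$.window` but then read an undeclared `duration`,
    // so the caller's `duration` never reached the filter.
    const settings = $ || {};
    const lookbackMinutes =
      typeof settings.duration === "number" ? settings.duration : settings.window;
    const startTime = new Date();
    if (Number.isFinite(lookbackMinutes) && lookbackMinutes > 0) {
      startTime.setTime(startTime.getTime() - lookbackMinutes * 60 * 1000);
      // Round down to the whole minute, as the original did.
      startTime.setSeconds(0, 0);
    }

    const filterString = `&$filter=eventTimestamp ge '${startTime.toISOString()}'`;
    const options = {
      method: "GET",
      url: `${credentials.baseUri}/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01${filterString}`
    };

    // The client was built with the token credentials, so every URL handed to
    // sendRequest is presumably called with that token. Only follow
    // continuation links that stay on the origin of the first request.
    const trustedOrigin = new URL(options.url).origin;
    const visited = new Set();
    const events = [];
    let count = 0;
    let nextPageLink = null;
    console.log(`REQUEST URL: ${options.url}`);

    // Pagination for the list audit events
    do {
      visited.add(options.url);
      const res = await client.sendRequest(options);
      if (count === 0) {
        // These are the response headers; the label is kept so the log output
        // stays comparable with earlier runs.
        console.log("Request Header:\n", res.headers);
      }

      // Reset per page: a response without a parsed body must end the loop
      // rather than re-request the previous link forever.
      nextPageLink = null;
      if (res.parsedBody) {
        if (Array.isArray(res.parsedBody.value)) {
          for (const entry of res.parsedBody.value) {
            events.push(entry);
          }
        }
        nextPageLink = res.parsedBody["nextLink"] || null;
      }

      if (nextPageLink) {
        // new URL() throws on a relative or malformed link; the outer catch logs it.
        if (new URL(nextPageLink).origin !== trustedOrigin) {
          throw new Error("nextLink points to an unexpected origin; pagination stopped");
        }
        if (visited.has(nextPageLink)) {
          throw new Error("nextLink repeats an already requested page; pagination stopped");
        }
        options.url = nextPageLink;
      }
      count++;
    } while (nextPageLink);

    console.log("Total Request: ", count);
    console.log("Total Events: ", events.length);

    // Skip entries without an operation name instead of failing the whole run.
    const eventNames = [];
    for (const event of events) {
      const operation = event && event.operationName;
      if (operation && typeof operation.value === "string") {
        eventNames.push(operation.value.toLowerCase());
      }
    }
    console.log(_.uniq(eventNames));
  } catch (error) {
    console.log(error);
  }
}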
// Look-back window handed to listEvents, expressed in minutes
// (listEvents scales it by 60 * 1000 to get milliseconds).
const lookbackDays = 5;
let $ = { duration: lookbackDays * 24 * 60 };
// listEvents wraps its body in try/catch, so the promise is not awaited here.
listEvents($);
当我在 AWS us-east-2(Ohio)区域的 VM 中运行上面的代码时,输出与我在印度的系统上本地运行同一段代码时不同。
输出:在 us-east-2 中运行时的请求标头:
'x-ms-request-id':
{ name: 'x-ms-request-id',
value: 'EastUS_18ba66b9121543f0af88596a36574c62_637269526758981055' },
'x-ms-routing-request-id':
{ name: 'x-ms-routing-request-id',
value:
'CANADACENTRAL:20200605T111756Z:b22e1972-5c3a-4c55-b924-7bdbfbccaa73' },
输出:在本地运行时 请求标头:
Total Request: 19
Total Events: 3710
[ 'microsoft.management/getentities/action',
'microsoft.resources/checkresourcename/action',
'microsoft.authorization/roleassignments/write',
'microsoft.portal/consoles/keepalive/action',
'microsoft.portal/consoles/delete' ]
'x-ms-request-id': {
name: 'x-ms-request-id',
value: 'SouthEastAsia_f5e155e68daf42b6992a1480e5f4e5b3_637269528187518811'
},
'x-ms-routing-request-id': {
name: 'x-ms-routing-request-id',
value: 'WESTINDIA:20200605T112018Z:6f71d760-7eb2-455f-9f4d-4154bb9c4bf8'
}
我需要以下事件,但在 us-east-2 区域的服务器上运行时获取不到这些事件
Total Request: 14
Total Events: 2758
[
'microsoft.management/getentities/action',
'microsoft.resources/checkresourcename/action',
'microsoft.costmanagement/settings/write',
'microsoft.management/managementgroups/write',
'microsoft.management/tenantbackfillstatus/action',
'microsoft.management/checknameavailability/action',
'microsoft.management/managementgroups/delete',
'internal.telemetry/collect/action',
'microsoft.portal/consoles/write',
'microsoft.portal/usersettings/write',
'microsoft.authorization/roleassignments/write',
'microsoft.management/managementgroups/subscriptions/write'
]
有什么建议吗?