@jonathanhle
Last active May 16, 2023 09:32
pritunl mongodb query for user info
# Requires pymongo 3.6.0+
from datetime import datetime, timedelta
from pymongo import MongoClient
from bson.tz_util import FixedOffset
from bson.son import SON
from collections import OrderedDict
# Setup logger
import logging
import logging.handlers
import syslog
# Syslog-backed logger: every record at INFO or above is written to the
# local /dev/log socket, prefixed with "<module>.<function>: ".
formatter = logging.Formatter('%(module)s.%(funcName)s: %(message)s')
handler = logging.handlers.SysLogHandler(address='/dev/log')
handler.setFormatter(formatter)
logger = logging.getLogger('myLogger')
logger.setLevel(logging.INFO)
logger.addHandler(handler)
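# Lower bound of the query window: five minutes before now, read in UTC.
# The $match stage tags this value as +0000 and BSON datetimes are UTC, so
# the clock must be read in UTC too; a local-time reading would shift the
# window by the host's UTC offset on any machine not running in UTC.
# NOTE(review): a fixed look-back window can skip or repeat audit records
# if the interval between runs is not exactly five minutes -- confirm how
# this script is scheduled.
fiveminutespast = (
    datetime.now(FixedOffset(0, "+0000")) - timedelta(minutes=5)
).strftime("%Y-%m-%d %H:%M:%S.%f")

# NOTE(review): the connection string carries no credentials or TLS
# settings. The queried collections hold user names, e-mail addresses and
# client addresses, so confirm that the templated host is reachable only by
# this job, or that authentication and transport encryption are enforced.
client = MongoClient("mongodb://{{ mongodb_host }}:{{ mongodb_port }}/", document_class=OrderedDict)
database = client["pritunl"]
collection = database["users_audit"]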
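# Aggregation over users_audit: audit events newer than the cut-off, each
# joined to the user document it refers to.
pipeline = [
    # Filter first, so the $lookup below runs only for events inside the
    # window rather than for every audit record in the collection.
    {
        u"$match": {
            u"timestamp": {
                u"$gte": datetime.strptime(
                    fiveminutespast, "%Y-%m-%d %H:%M:%S.%f"
                ).replace(tzinfo=FixedOffset(0, "+0000"))
            }
        }
    },
    # Join each event to its user via users_audit.user_id -> users._id.
    {
        u"$lookup": {
            u"from": u"users",
            u"localField": u"user_id",
            u"foreignField": u"_id",
            u"as": u"matched_user"
        }
    },
    # Flatten the joined array. $unwind drops documents whose array is
    # empty, so events without a matching user are not emitted.
    {
        u"$unwind": {
            u"path": u"$matched_user"
        }
    },
    # Explicit allow-list of output fields; _id is suppressed. Every other
    # attribute of the joined user document is left out -- keep it that way
    # so that sensitive user attributes never reach syslog.
    {
        u"$project": {
            u"_id": 0,
            u"user_id": 1,
            u"remote_addr": 1,
            u"timestamp": 1,
            u"org_id": 1,
            u"message": 1,
            u"type": 1,
            u"matched_user.auth_type": 1,
            u"matched_user.name": 1,
            u"matched_user.type": 1,
            u"matched_user.email": 1
        }
    },
    # Emit events oldest first. The earlier sort keys ("count" and "_id")
    # are not present after the $project stage, so they imposed no order.
    {u"$sort": SON([(u"timestamp", 1)])}
]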
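# Run the aggregation and forward every result document to syslog.
# The aggregate() call sits inside the try block so that the client is
# closed even when the query itself fails, not only when iteration fails.
try:
    cursor = collection.aggregate(
        pipeline,
        allowDiskUse=False
    )
    for doc in cursor:
        # The document is logged as the repr of an OrderedDict, so control
        # characters inside string fields are escaped and cannot split the
        # syslog line.
        # NOTE(review): each record carries the user's name, e-mail and
        # remote address; confirm that the syslog destination and whatever
        # collects from it are access-controlled accordingly.
        logger.info(doc)
        # All output goes to syslog; uncomment the following line to troubleshoot
        # print(doc)
finally:
    client.close()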
@jonathanhle

Fetches Pritunl audit records and writes them to syslog so that another system can pick up the logs.
