nestoru/spring-impersonation-audit.awk

## spring-impersonation-audit.awk
#!/usr/bin/awk
# spring-impersonation-audit.awk
# author: Nestor Urquiza
# date: 20151123
# description: Lists users and impersonated users per request

{
  if(!usernames[$8] && match($0,"login.*j_username")){
    usernames[$8]=gensub(/^.*j_username=([^& ]*)[& ].*$/,"\\1","g");
  }
  sessionids[$9]=$8;
  others[$9]=$1" "$2" "$7;
  if(match($0,"switchUser.*j_username")){
    impersonated[$8]=gensub(/^.*j_username=([^& ]*)[& ].*$/,"\\1","g");
  }
  if(match($0,"switchUserExit.*")){
    impersonated[$8]="na";
  }
  if(impersonated[$8]){
    impersonatedUserNames[$9]=impersonated[$8];
  } else {
    impersonatedUserNames[$9]="na";
  }
}
END {
  for(request in sessionids){
    sessionid=sessionids[request];
    if(usernames[sessionid]){
      print others[request]" "sessionid" "usernames[sessionid]" "impersonatedUserNames[request]" "request;
   }
  }
}
	#!/usr/bin/awk
	# spring-impersonation-audit.awk
	# author: Nestor Urquiza
	# date: 20151123
	# description: Lists users and impersonated users per request

	{
	if(!usernames[$8] && match($0,"login.*j_username")){
	usernames[$8]=gensub(/^.j_username=([^& ])[& ].*$/,"\\1","g");
	}
	sessionids[$9]=$8;
	others[$9]=$1" "$2" "$7;
	if(match($0,"switchUser.*j_username")){
	impersonated[$8]=gensub(/^.j_username=([^& ])[& ].*$/,"\\1","g");
	}
	if(match($0,"switchUserExit.*")){
	impersonated[$8]="na";
	}
	if(impersonated[$8]){
	impersonatedUserNames[$9]=impersonated[$8];
	} else {
	impersonatedUserNames[$9]="na";
	}
	}
	END {
	for(request in sessionids){
	sessionid=sessionids[request];
	if(usernames[sessionid]){
	print others[request]" "sessionid" "usernames[sessionid]" "impersonatedUserNames[request]" "request;
	}
	}
	}