Getting the Value from your Import and Export Logs

As I’ve mentioned before, I don’t think there’s a lot of value in keeping days of Run History. Far more useful are the Import and Export logs that you should be dumping from your Run Profiles. Using these files you can track exactly what went in and out, and more importantly, when it happened. This can be an invaluable aid in reducing fear and loathing of Identity Management – either by showing that MIIS blamelessly passed bad data through, or by proving that the setting was changed in the CDS, and not by MIIS itself, in some Judgement Day style malicious awakening.

One thing I do wish MIIS could do is timestamp these log files. The native configuration will overwrite the last log file, and where’s the use in that? However using MASequencer, or something like my simple queuing system, you should be able to insert steps to rename the log files following each Import and Export operation. Now to start with, you’re going to have an easier time if you’re always consistent with your log file naming. I keep it simple – import.xml and export.xml. I then encorporate the following VBScript sub into my scheduling script to copy the log to a datestamped version.

Sub ArchiveLog(MA, Profile)

‘ The Profile passed to the sub must be either “import” or “export”

Dim objLogFile, objArchiveFile

Dim strLogName, strArchiveName, logTime, dateStamp, strLine

strLogName = MIIS_FOLDER & “MaData” & MA & “” &_

Profile & “.xml”

If objFS.FileExists(strLogName) Then

logTime = Now()

dateStamp = DatePart(“yyyy”, logTime) & TwoChars(“m”, logTime) &_

TwoChars(“d”, logTime) & TwoChars(“h”, logTime) &_

TwoChars(“n”, logTime) & TwoChars(“s”, logTime)

strArchiveName = MIIS_FOLDER & “MaData” & MA & “” &_

Profile & dateStamp & “.xml”

Set objFile = objFS.GetFile(strLogName)

objFile.Copy strArchiveName

End If

End Sub

Function TwoChars(dtvar, time)

i = DatePart(dtvar, time)

If i < 10 Then

TwoChars = “0” & CStr(i)

Else

TwoChars = CStr(i)

End If

End Function

The XML files will need to be parsed somehow if you want to view them. I make a few simple modifications so that mine can be viewed in a browser using an XML stylesheet – more on that in this post.

About: Carol

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.