This can be exported by configuring a Scheduled Query Report.
Steps to set up a Scheduled query report:
1. Create a Query report with the Query given below
2. Create a Scheduled Report with the Query report created in the previous step
- Select appropriate File format (csv or xlsx or pdf)
- Select the option to Publish reports on the Central server and send the URL.
When this option is selected, the reports are generated in this path:
<ProductInstallation Dir>\webapps\DesktopCentral\server-data\<customerID>\schedulereport\<Report Configured Date>\<Generated Time with Task ID>\<Report Name>
For example: DesktopCentral_Server\webapps\DesktopCentral\server-data\1\schedulereport\2020-05-21\604May21202003_11PM\QueryReport.csv
This file can then be included in the SIEM product as required.
PgSQL Query
Query for Query report (Logs of this month):
SELECT EventCode.EVENT_TYPE AS Type,
       LONG_TO_DATE(EventLog.EVENT_TIMESTAMP),
       EventCode.EVENT_MODULE AS Module,
       EventLog.LOGON_USER_NAME AS Username,
       I18N_TRANSLATE(EventLog.EVENT_REMARKS, EventLog.EVENT_REMARKS_ARGS),
       RDSConnectionReason.REASON_MESSAGE AS Reason,
       EventTimeDuration.EVENT_TIME_DURATION AS time_duration,
       LONG_TO_DATE(EventTimeDuration.EVENT_START_TIME),
       LONG_TO_DATE(EventTimeDuration.EVENT_END_TIME),
       ResourceEventLogRel.RESOURCE_NAME AS Computer_Name
FROM EventLog
INNER JOIN EventCode ON EventLog.EVENT_ID = EventCode.EVENT_ID
LEFT JOIN RDSConnectionReason ON RDSConnectionReason.EVENT_LOG_ID = EventLog.EVENT_LOG_ID
LEFT JOIN ResourceEventLogRel ON ResourceEventLogRel.EVENT_LOG_ID = EventLog.EVENT_LOG_ID
LEFT JOIN EventTimeDuration ON EventTimeDuration.EVENT_LOG_ID = EventLog.EVENT_LOG_ID
WHERE EventLog.EVENT_TIMESTAMP >= <from_thismonth>
  AND EventLog.EVENT_TIMESTAMP <= <to_thismonth>
ORDER BY EventLog.EVENT_TIMESTAMP
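One way to hand the published CSV to a SIEM, as an added example that is not part of the original article or the product: the script finds the newest report under the schedulereport folder layout described above and emits one JSON line per event. It assumes the CSV's first row holds the column names (the sample header reuses aliases from the query); the function names and the log_source and report_file fields are hypothetical.

```python
import csv
import json
import tempfile
from pathlib import Path


def latest_report(schedulereport_dir, report_name):
    """Newest <date>/<generated time with task ID>/<report_name>, or None."""
    found = [p for p in Path(schedulereport_dir).glob(f"*/*/{report_name}")
             if p.is_file()]
    # Date folders are YYYY-MM-DD and sort as text; the run-folder name does
    # not (AM/PM suffix), so order runs of the same day by file mtime.
    return max(found, key=lambda p: (p.parent.parent.name, p.stat().st_mtime),
               default=None)


def rows_as_json_lines(csv_path, source="desktopcentral"):
    """Yield one JSON document per report row, ready for a SIEM file input."""
    # Assumption: the first CSV row holds the column names.
    with open(csv_path, newline="", encoding="utf-8-sig") as fh:
        for row in csv.DictReader(fh):
            event = {k.strip(): (v or "").strip() for k, v in row.items() if k}
            if not any(event.values()):
                continue  # nothing but empty cells
            event["log_source"] = source          # hypothetical field name
            event["report_file"] = str(csv_path)  # hypothetical field name
            yield json.dumps(event, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample data laid out like the schedulereport folder.
    with tempfile.TemporaryDirectory() as tmp:
        run = Path(tmp) / "2020-05-21" / "604May21202003_11PM"
        run.mkdir(parents=True)
        (run / "QueryReport.csv").write_text(
            "Type,Module,Username,Computer_Name\n"
            "Information,Remote Control,admin,PC-01\n", encoding="utf-8")
        for line in rows_as_json_lines(latest_report(tmp, "QueryReport.csv")):
            print(line)
```

Run it after each scheduled report and append the output to a file the SIEM collector already tails.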