Configuring Report Export

Overview

In report output configuration, there is an option for the on-event or scheduled report to be automatically exported to an external repository or portal:

report output delivery

Export settings for the entire SecureTrack system are defined in the Reports page: Settings > Configuration > Reports. Only a SecureTrack Administrator (Super Administrator in a Multi-Domain environment) can configure the Reports page. This page is also used for setting the report format and logo.

Export Settings

The export settings in the Reports page are:

export reports

Do Not Export Reports

In report output configurations, the export option is disabled.

Export Reports Using SCP

SecureTrack connects using SCP to the Destination host, using the specified User name and Password, and copies the report to the host's file system, to the specified Root URL in host (path on host to target location).

Folder structure defines how reports should be arranged in folders under the target location:

  • Single directory for all reports: All reports are placed directly in the target location.

  • Directory per report type: A folder is created for each report type (New revision report, Advanced change report, etc.).

  • Directory per context: In a Multi-Domain environment, the reports configured in each domain context are placed in a separate folder.

  • Export reports via user-defined script: This option is unavailable in TOS Aurora.

Export Reports via User-defined Script

Requirements

  • The user-defined script needs to be a Unix-formatted file written as a bash shell script.

  • The script should copy the report to a target that authorizes users: st and root

Copy the Script

  1. Copy the script file to the SecureTrack host in: /tmp/export_report_script.sh

  2. Set the script file permissions to 777 by running the following command:

    chmod 777 /tmp/export_report_script.sh
    chmod 777 /tmp/export_report_script.sh
  3. Get the name of the device-collector pod by running the following command:

    kubectl get po | grep device-collector | head -n 1 | awk {'print $1'}
    kubectl get po | grep device-collector | head -n 1 | awk {'print $1'}
  4. Copy the script file to the target location by running the following command:

    kubectl cp /tmp/export_report_script.sh POD_NAME:/usr/local/st/scripts/
    kubectl cp /tmp/export_report_script.sh POD_NAME:/usr/local/st/scripts/

    Where POD_NAME is the actual device-collector pod name obtained in the previous step.

SecureTrack will pass the following arguments to the script:

Argument

Description

1

Source PDF file path and name

2

Report owner

3

Report name

4

Report type

5

In a Multi-Domain environment: Report context

In a regular environment: This string is empty

6

The string “-mgmt_id”

7

The value of the management id

8

The string “-version”

9

The value of the policy version

10

"-report_id"

11

The value of the report output id.

12

Revision ID

When the triggering event parameter configured in Report > Report Configuration > ...Output > Send on Event occurs, SecureTrack will pass arguments 6-11 to the script.

The following sample script renames the file and copies it to /opt/tufin/logs/services/device-collector/ location on the SecureTrack host.

#!/bin/bash
SOURCEFILE=$1
REPORTOWNER=$2
REPORTNAME=$3
REPORTTYPE=$4
CONTEXT=$5
# make sure to use quote marks in case of spaces or special characters
TARGETFILENAME="$REPORTOWNER$REPORTNAME$REPORTTYPE$CONTEXT.pdf"
TARGETDIR="/var/log/st"
cp "$SOURCEFILE" "$TARGETDIR/$TARGETFILENAME"