Description
The problem is that Dashlane events are not accessible through the dcli immediately. It takes a few minutes before the dcli can obtain audit logs. Therefore, the start and end date times never match an event if the polling is, let's say, every 60 seconds.
To fix this, I set the DASHLANE_CLI_TIMESTAMP to be the last known event from Dashlane (with default as in the code). After a set of events is downloaded, I obtain the latest date_time and set _TIMESTAMP to that value. I have two variables:
- START=DASHLANE_CLI_TIMESTAMP+1
- END=Current date time
In the code below, START will be set to 1 millisecond later than the last event downloaded. Therefore, you will not miss any event available in the next poll. Before, one set the --start value to the polling interval and you may miss an event that may have happened just a minute before. At a polling interval of 60 seconds, you will always NOT get an event from Dashlane.
```bash
if [ -z "${DASHLANE_CLI_TIMESTAMP}" ]
then
    DASHLANE_CLI_TIMESTAMP=$(date -d '1 day ago' +%s000)
fi
while true
do
    # START is 1 millisecond beyond timestamp so as not to pick up a duplicate of the event
    let START=$DASHLANE_CLI_TIMESTAMP+1
    # END is the current date/time (unix epoch) in milliseconds
    END=$(date +%s000)
    DASHLANE_CLI_RESULT=$(dcli t l --start $START --end $END)
    debug
    if [ ! -z "$DASHLANE_CLI_RESULT" ]; then
        # set the most recent event time from dashlane
        DASHLANE_CLI_TIMESTAMP=$(echo $DASHLANE_CLI_RESULT | jq '.date_time' | head -1)
        # send logs via fluentbit
        echo $DASHLANE_CLI_RESULT | /opt/fluent-bit/bin/fluent-bit -c $DASHLANE_CLI_FLUENTBIT_CONF -q
    fi
    sleep ${DASHLANE_CLI_RUN_DELAY:-60}
done
```
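The cursor update described in this issue, as an added example that is not part of the original post or the project's code: it advances the timestamp to the largest `date_time` in a batch, so it does not depend on the order in which events are returned, and it keeps the old value when a poll returns nothing. The function names and the sample events are constructed; it assumes one JSON object per event with a numeric `date_time` in epoch milliseconds, as the `jq '.date_time'` filter above implies.

```shell
#!/bin/sh
# Added example (not project code): order-independent cursor for audit-log polling.
# Assumption: each event is a JSON object with a numeric date_time (epoch ms).

# newest_ts: read events on stdin, print the largest date_time (nothing if none).
newest_ts() {
  if command -v jq >/dev/null 2>&1; then
    # -s slurps all events into one array; non-numeric date_time values are skipped.
    jq -s 'map(.date_time | numbers) | max // empty'
  else
    # Fallback without jq: extract top-level or nested "date_time": <digits> pairs.
    grep -oE '"date_time"[[:space:]]*:[[:space:]]*[0-9]+' |
      grep -oE '[0-9]+$' | sort -n | tail -1
  fi
}

# next_cursor CURSOR EVENTS: print the timestamp to store after this poll.
next_cursor() {
  cur=$1
  new=$(printf '%s\n' "$2" | newest_ts)
  # Empty poll, or nothing newer than the cursor: keep the old cursor so events
  # that become available later still fall inside the next --start/--end window.
  if [ -n "$new" ] && [ "$new" -gt "$cur" ]; then
    echo "$new"
  else
    echo "$cur"
  fi
}

# Constructed sample batch, oldest first: `head -1` would pick the older event here.
SAMPLE='{"date_time":1700000001000,"log_type":"constructed_a"}
{"date_time":1700000002500,"log_type":"constructed_b"}'

CURSOR=1700000000000
CURSOR=$(next_cursor "$CURSOR" "$SAMPLE")
START=$((CURSOR + 1))   # 1 ms past the newest event already forwarded
echo "next poll: --start $START"
```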