Hey Andy,
I'm looking to use this tool to ingest logs to our SIEM. Only trouble is, as we are based in the UK the timestamping appears to be causing me problems in testing. I've modified the pytz timezone to GMT but it still doesn't appear to be correct. When I run the script with a timestamp, not only does it not pull any logs but it also throws out a few errors.
Modification (Not sure if this is the correct way to do this)
Example: python gsuite2mfe.py -s 2019-05-31T10:50:38.000Z -t -l debug
Output:
May 31 10:58:05 GBWIN077 gsuite2mfe: Processing actvity: admin
May 31 10:58:05 GBWIN077 gsuite2mfe: *****
May 31 10:58:05 GBWIN077 gsuite2mfe: Authenticating to GSuite
May 31 10:58:05 GBWIN077 gsuite2mfe: Retrieving admin events from: 2019-05-31 10:50:38+00:00 to 2019-05-31 09:58:05+00:00
Traceback (most recent call last):
  File "gsuite2mfe.py", line 559, in <module>
    main()
  File "gsuite2mfe.py", line 532, in main
    events = gsuite.execute()
  File "gsuite2mfe.py", line 241, in execute
    maxResults=self.max).execute()
  File "C:\Users*REDACTED\PycharmProjects\Gsuite2LRv2\venv\lib\site-packages\googleapiclient\_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "C:\Users*REDACTED\PycharmProjects\Gsuite2LRv2\venv\lib\site-packages\googleapiclient\http.py", line 851, in execute
    raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 400 when requesting https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?startTime=2019-05-31T10%3A50%3A38.000Z&endTime=2019-05-31T09%3A58%3A05Z&maxResults=50&alt=json returned "Invalid request: Start time and end time should be within last 180 days. Start time should be less than end time.">
Hope you can help, L
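
The log above stamps the run at 10:58:05 local time while the computed end time is 09:58:05+00:00, so a start of 10:50:38 labelled `Z` lands after the end of the window. The following is an added example, not code from gsuite2mfe: `to_utc` and `report_window` are hypothetical helpers that convert a wall-clock start to UTC and reject an invalid window before any request is sent, assuming the host runs on UK time (UTC+1 on that date).

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo  # standard library in Python 3.9+

MAX_AGE = timedelta(days=180)   # limit quoted in the API error message
API_FMT = "%Y-%m-%dT%H:%M:%SZ"  # same shape as endTime in the failing request


def to_utc(stamp, local_tz):
    """Parse an ISO 8601 stamp. A value without an offset is read as
    wall-clock time in local_tz; 'Z' or an explicit offset is honoured."""
    dt = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        # Correct for zoneinfo and fixed offsets; with pytz use tz.localize(dt).
        dt = dt.replace(tzinfo=local_tz)
    return dt.astimezone(timezone.utc)


def report_window(start, now_utc, local_tz):
    """Return (startTime, endTime) strings for the query, or raise
    ValueError before any HTTP request is made."""
    start_utc = to_utc(start, local_tz)
    if start_utc >= now_utc:
        raise ValueError(
            f"start {start_utc:{API_FMT}} is not before end {now_utc:{API_FMT}}; "
            "was a local wall-clock time labelled 'Z'?"
        )
    if now_utc - start_utc > MAX_AGE:
        raise ValueError("start time is more than 180 days old")
    return start_utc.strftime(API_FMT), now_utc.strftime(API_FMT)


if __name__ == "__main__":
    london = ZoneInfo("Europe/London")
    # Constructed input: the end time shown in the log output above.
    now = datetime(2019, 5, 31, 9, 58, 5, tzinfo=timezone.utc)
    # Wall-clock start without 'Z' is converted from UK time to UTC.
    print(report_window("2019-05-31T10:50:38", now, london))
    # The same digits labelled 'Z' are in the future in UTC and are rejected.
    try:
        report_window("2019-05-31T10:50:38.000Z", now, london)
    except ValueError as exc:
        print("rejected:", exc)
```
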