

Azure Rights Management: Creating reports from logs

Logging can be enabled for the Azure Rights Management (AADRM) service by following the steps outlined here:

http://blogs.technet.com/b/rms/archive/2014/01/07/enabling-and-using-logging-in-azure-rms.aspx

That post gives no detailed steps for creating reports from those logs, and there are no built-in or canned reports.

We have several options for creating reports, but they primarily involve writing custom code. Rudimentary reports can, however, be created using Log Parser.

Commands

To download the logs, so they can be parsed, run the following PowerShell commands (from any machine with the AADRM Admin tools installed):

Connect-AadrmService

Confirm logging is enabled by running:

Get-AadrmUsageLogFeature

Then have it copy the logs locally with something like the following (or put them anywhere you like):

Get-AadrmUsageLog -Path "C:\Logs\UsageLog.log"

We can then download Log Parser (either put it in your path or copy it to System32) and use it with the following examples to get basic reports. The results are written to CSV files that you can load in Excel.

Users by successful requests:

logparser.exe "SELECT user-id,COUNT(user-id) AS RequestsPerUser,MAX(Date) AS MostRecentLicenseDate,MAX(Time) AS MostRecentLicenseTime,request-type,result INTO 'X:\usage.csv' FROM 'X:\data\.log' WHERE (result LIKE '%Success%') AND (request-type='AcquireLicense') GROUP BY user-id,request-type,result ORDER BY RequestsPerUser DESC" -i:W3C -o:csv

Users by failed requests:

logparser.exe "SELECT user-id,COUNT(user-id) AS RequestsPerUser,MAX(Date) AS MostRecentLicenseDate,MAX(Time) AS MostRecentLicenseTime,request-type,result INTO 'X:\trst.csv' FROM 'X:\data\.log' WHERE (result NOT LIKE '%Success%') AND (request-type='AcquireLicense') GROUP BY user-id,request-type,result ORDER BY RequestsPerUser DESC" -i:W3C -o:csv

All successful license requests:

logparser.exe "SELECT user-id,COUNT(user-id) AS RequestsPerUser,MAX(Date) AS MostRecentLicenseDate,MAX(Time) AS MostRecentLicenseTime,request-type,result INTO 'X:\test.csv' FROM 'X:\data\.log' WHERE (result LIKE '%Success%') AND (request-type='AcquireLicense') GROUP BY user-id,request-type,result ORDER BY RequestsPerUser DESC" -i:W3C -o:csv

All failed license requests:

logparser.exe "SELECT user-id,COUNT(user-id) AS RequestsPerUser,MAX(Date) AS MostRecentLicenseDate,MAX(Time) AS MostRecentLicenseTime,request-type,result INTO 'X:\test.csv' FROM 'X:\data\.log' WHERE (result NOT LIKE '%Success%') AND (request-type='AcquireLicense') GROUP BY user-id,request-type,result ORDER BY RequestsPerUser DESC" -i:W3C -o:csv

All successful requests:

logparser.exe "SELECT date,time,request-type,user-id,result,owner-email,issuer,template-id,c-info,c-ip INTO 'X:\all.csv' FROM 'X:\data\.log' WHERE result LIKE '%Success%'" -i:W3C -o:csv
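
The "users by failed requests" report can also be produced in PowerShell alone. The following is an added example, not part of the original post: it assumes tab-separated rows under a #Fields: header, runs on a constructed sample log, and its function names and SourceIPs column are hypothetical. It takes the most recent date and time from the same row, whereas MAX(Date) and MAX(Time) are each computed independently.

```powershell
# Constructed sample: W3C extended format, '#Fields:' header, tab-separated rows.
# Field names come from the queries above; every value is made up.
$fields = 'date','time','request-type','user-id','result','c-ip'
$rows = @(
    @('2014-01-10','23:50:02','AcquireLicense','bob@contoso.example','AccessDenied','198.51.100.7'),
    @('2014-01-11','08:02:11','AcquireLicense','bob@contoso.example','AccessDenied','203.0.113.5'),
    @('2014-01-11','08:05:30','AcquireLicense','alice@contoso.example','Success','192.0.2.10'),
    @('2014-01-12','09:00:00','AcquireLicense','carol@contoso.example','AccessDenied','192.0.2.44')
)
$sampleLog = @("#Fields: $($fields -join ' ')") + @($rows | ForEach-Object { $_ -join "`t" })

function ConvertFrom-W3CLog {
    param([string[]]$Line)
    $names = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Header names are whitespace-separated (assumption about the log layout).
            $names = -split ($l.Substring('#Fields:'.Length))
        } elseif ($l -and -not $l.StartsWith('#')) {
            $values = $l -split "`t"
            $record = [ordered]@{}
            for ($i = 0; $i -lt $names.Count; $i++) { $record[$names[$i]] = $values[$i] }
            [pscustomobject]$record
        }
    }
}

function Get-FailedLicenseReport {
    param([object[]]$Record)
    $Record |
        Where-Object { $_.'request-type' -eq 'AcquireLicense' -and $_.result -notlike '*Success*' } |
        Group-Object -Property 'user-id' |
        ForEach-Object {
            # Take date and time from the same (latest) row so they stay paired.
            $last = $_.Group | Sort-Object date, time | Select-Object -Last 1
            [pscustomobject]@{
                'user-id'             = $_.Name
                RequestsPerUser       = $_.Count
                MostRecentLicenseDate = $last.date
                MostRecentLicenseTime = $last.time
                SourceIPs             = ($_.Group.'c-ip' | Sort-Object -Unique) -join ';'
            }
        } |
        Sort-Object RequestsPerUser -Descending
}

$report = Get-FailedLicenseReport -Record (ConvertFrom-W3CLog -Line $sampleLog)
$report | Format-Table -AutoSize
# Real data: pass (Get-Content 'C:\Logs\UsageLog.log') as -Line, then
# $report | Export-Csv -Path 'X:\failed.csv' -NoTypeInformation
```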