cleanUrl: /prophet-kr
cherry: true
<aside> π‘ Journey to find abnormal activities from logging data with periodic patterns
</aside>
Monitoring and configuring alerts for a new Single Sign-On service was done easily, but traditional metrics to find abnormal activities remains tough.

#!/bin/bash
REFRESH_TOKEN=`cat /var/opt/aerobase/dashboard/refresh_token`
RESULT=`curl --silent --location --request POST '<https://xxxx.co.kr/auth/realms/xxxx/protocol/openid-connect/token>' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=refresh_token' --data-urlencode 'client_id=view' --data-urlencode 'client_secret=************************' --data-urlencode 'refresh_token='$REFRESH_TOKEN''`
if echo ${RESULT} | grep -i "error"; then
echo "refresh failed, create a new session"
RESULT=`curl --silent --location --request POST '<https://xxxx.co.kr/auth/realms/xxxx/protocol/openid-connect/token>' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=view' --data-urlencode 'client_secret=************************'`
fi
echo ${RESULT} | jq '.access_token' | sed -e 's/\\"//g' > /var/opt/aerobase/dashboard/token
echo ${RESULT} | jq '.refresh_token' | sed -e 's/\\"//g' > /var/opt/aerobase/dashboard/refresh_token
#!/bin/bash
DB_NAME='app'
TABLE_NAME='sso-session'
TOKEN=`cat /var/opt/aerobase/dashboard/token`
# SSO API μΈμ
μ 보 μμ²
curl --silent --location --request GET '<https://xxxx.co.kr/auth/admin/realms/xxxx/client-session-stats>' --header 'Authorization: Bearer '$TOKEN'' > /var/opt/aerobase/dashboard/result
# μμ λ°μ΄ν°μμ νμν λ°μ΄ν°λ§ μΆμΆνμ¬ μ μ²λ¦¬
RESULT=`cat /var/opt/aerobase/dashboard/result | jq '.[] | {(.clientId):.active}'`
DATA=`echo $RESULT | sed -e 's/\\:/\\=/g' | sed -e 's/{\\| //g' | sed -e 's/\\"//g' | sed -e 's/}/,/g' | sed -e 's/.$//'`
# InfluxDB λ‘ μ μ₯ μμ²
curl -s -i -XPOST <http://xxxx:8086/write?db=${DB_NAME}> --data-binary "${TABLE_NAME} ${DATA}" | grep 'HTTP/1.1 204' > /dev/null 2>&1
[{"offline":"0","clientId":"idm-client","active":"1","id":"2690c992-bb59-4891-8220-62f86d7a6d33"},{"offline":"0","clientId":"data","active":"28","id":"77cbc073-c6c4-4fd1-92f3-3e2b44ef7912"},{"offline":"0","clientId":"portal","active":"418","id":"9d7f3882-f9be-4584-b16d-1c6c573d7a9d"},{"offline":"0","clientId":"iam-admin","active":"22","id":"5c2edf26-60e7-4ffc-b7d6-4a9a7e4cea82"},{"offline":"0","clientId":"iam","active":"4","id":"309c8cfc-e49e-4303-964a-2e0dfe79e566"}]