I'm working on a script to audit roles & rules. I'm checking for rules which reference groups (AD-based for us) which are no longer valid. I can also check for roles which have no rules which reference them. Am doing this by parsing the XML dumps of the rule/roles databases.
I'd also like to be able to check for the last time a role was used. Currently it seems like I need to use the user connection log which contains a username and the roles that user had applied to them. Doable, but the log is very large (300MB for us for just a 48 hour period).
Is there a more efficient way I should be tackling this? MAG-4610 appliances.
I'll go search now and find out there's a RESTful API which has calls to the things I'm after and my XML and log parsing has been a waste of time. :-)
If you have a syslog server you could set up a custom filter for the authentication successful log messages and forward the messages matching the filter to the syslog server. This would get you the roles mapped and a time stamp.
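An added example (not code from either poster) of the "last time a role was used" check built on forwarded authentication-success messages, as the reply suggests. It streams the log line by line, so a multi-hundred-megabyte file is processed in constant memory, and records the newest timestamp seen per mapped role; roles that are defined but never appear are then reported as unused. The message layout in `SAMPLE_LOG` and the `AUTH-OK` event name are assumptions made for this example; the regex must be adapted to the real MAG-4610 message format.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample of "authentication successful" messages as a syslog
# server might receive them. The layout is an assumption for this example,
# not the appliance's real format: ISO timestamp, host, event name,
# user@realm, then a quoted comma-separated list of the roles mapped.
SAMPLE_LOG = """\
2013-05-01T08:12:03 mag-a AUTH-OK user=alice@Corp-AD roles="VPN-Users, Finance"
2013-05-01T08:15:44 mag-a AUTH-OK user=bob@Corp-AD roles="VPN-Users"
2013-05-01T09:01:10 mag-a AUTH-FAIL user=mallory@Corp-AD reason="bad password"
2013-05-02T17:30:00 mag-b AUTH-OK user=alice@Corp-AD roles="Finance"
"""

# Only successful logins carry a role list; failures are skipped by the regex.
AUTH_OK = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ AUTH-OK '
    r'user=(?P<user>\S+) roles="(?P<roles>[^"]*)"$'
)


def parse_auth_ok(line: str) -> Optional[Tuple[datetime, str, List[str]]]:
    """Return (timestamp, user, [roles]) for a success line, else None."""
    m = AUTH_OK.match(line.rstrip("\n"))
    if not m:
        return None
    roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group("user"), roles


def last_role_use(lines: Iterable[str]) -> Dict[str, datetime]:
    """Newest login timestamp per role, computed in one streaming pass.

    Pass an open file object to process a large log without loading it.
    """
    last: Dict[str, datetime] = {}
    for line in lines:
        parsed = parse_auth_ok(line)
        if parsed is None:
            continue
        ts, _user, roles = parsed
        for role in roles:
            if role not in last or ts > last[role]:
                last[role] = ts
    return last


def unused_roles(defined: Set[str], last: Dict[str, datetime]) -> List[str]:
    """Roles present in the role database that never appear in the log."""
    return sorted(defined - set(last))


def stale_roles(last: Dict[str, datetime], now: datetime,
                max_age: timedelta) -> List[str]:
    """Roles whose most recent use is older than max_age relative to now."""
    return sorted(role for role, ts in last.items() if now - ts > max_age)


if __name__ == "__main__":
    # Constructed set of roles as they would come from the role XML dump.
    defined = {"VPN-Users", "Finance", "Legacy-Contractors"}
    # For a real log: with open("auth.log") as fh: last = last_role_use(fh)
    last = last_role_use(SAMPLE_LOG.splitlines())
    for role, ts in sorted(last.items()):
        print(f"{role}: last used {ts.isoformat()}")
    print("never used:", unused_roles(defined, last))
    print("stale (>1 day):",
          stale_roles(last, datetime(2013, 5, 3), timedelta(days=1)))
```

Because only the newest timestamp per role is kept, memory use is bounded by the number of roles, not the size of the log; a 48-hour window only tells you a role was not used in those 48 hours, so keep the per-role results across runs if you want a longer "last used" horizon.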