Export events from the database

Export keylogger events:

Sometimes questions arise on how you can export the accumulated data from the database.

Using the example of a specific question, let us analyze what we can export from the PostgreSQL database which is used in StaffCop Enterprise.

Task: Export all keystroke events so that the time of the event, the computer’s IP address and the workstation name and the keyboard input event are available.

Solution: Below there is an example of a script that does this operation and puts the output into the file - ‘out.log’. The command must be entered in the Linux console.

echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.text_data from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=1;" | staffcop sql > out.log

And we will see this output in a text file:

../_images/linux_faq_export_from_database.png

This file can be downloaded from the server from the user’s home folder — via Filezilla or Winscp, by entering the username and password from the Linux console (By default, the username and password are support\support).

Export screenshots events:

Export all screenshots events:

echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.window_title from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=4;" | staffcop sql > out.log

Display all screen capture events from the workstation with the name DESKTOP-6UFKRKU:

echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.window_title from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=4 and agent_agent.computer_name='DESKTOP-6UFKRKU';" | staffcop sql > out.log