Export events from the database
Export keylogger events:
A common question is how to export the accumulated data from the database.
Using a specific request as an example, let us look at what can be exported from the PostgreSQL database used by StaffCop Enterprise.
Task: Export all keystroke events with the time of the event, the computer’s IP address, the workstation name and the keyboard input content.
Solution: The command below runs the query and writes the output to the file 'out.log'. Enter it in the Linux console.
echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.text_data from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=1;" | staffcop sql > out.log
And we will see this output in a text file:
This file can be downloaded from the user's home directory on the server with FileZilla or WinSCP, by entering the username and password used for the Linux console (by default, the username and password are supportsupport).
Export screenshot events:
Export all screenshot events:
echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.window_title from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=4;" | staffcop sql > out.log
Export all screenshot events from the workstation named DESKTOP-6UFKRKU:
echo "select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,agent_event.window_title from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=4 and agent_agent.computer_name='DESKTOP-6UFKRKU';" | staffcop sql > out.log
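The commands above differ only in the event type and the optional workstation filter. As an added example (not StaffCop's own code), the script below builds the same queries from arguments, validates the values before they are placed in the SQL text, and creates the output file with owner-only permissions; the function names build_export_query and export_events and the argument order are hypothetical.

```shell
#!/bin/sh
# Added example: parameterised form of the export commands on this page.
# Function names and argument order are hypothetical; the SQL columns, the
# event_type_id values (1 = keystrokes, 4 = screenshots) and `staffcop sql`
# are taken from the page.

# Print the export query for an event type and an optional workstation name.
build_export_query() {
    event_type=$1
    computer=${2:-}

    # Choose the payload column the page uses for each event type;
    # anything else (including non-numeric input) is rejected.
    case "$event_type" in
        1) payload=agent_event.text_data ;;
        4) payload=agent_event.window_title ;;
        *) echo "unsupported event type: $event_type" >&2; return 1 ;;
    esac

    query="select agent_event.id,agent_agent.last_ip,agent_agent.computer_name,agent_event.local_time,$payload from agent_event INNER JOIN agent_agent on agent_event.agent_id = agent_agent.id where event_type_id=$event_type"

    if [ -n "$computer" ]; then
        # Allowlist host-name characters so the value cannot end the SQL literal.
        case "$computer" in
            *[!A-Za-z0-9._-]*) echo "invalid computer name" >&2; return 1 ;;
        esac
        query="$query and agent_agent.computer_name='$computer'"
    fi
    printf '%s;\n' "$query"
}

# Run the query through `staffcop sql` and write the result to a file.
export_events() {
    out=$1; shift
    sql=$(build_export_query "$@") || return 1
    # umask 077: a newly created output file is readable by its owner only.
    ( umask 077 && printf '%s\n' "$sql" | staffcop sql > "$out" )
}

# Usage: sh export_events.sh out.log 4 DESKTOP-6UFKRKU
if [ "$#" -ge 2 ]; then
    export_events "$@"
fi
```

If out.log already exists, its current permissions are kept, so remove old exports or check their mode before reusing the name.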