If you use both Centrify and VMware Log Insight, and need to pull event logs from Centrify into Log Insight (in near real-time), this tool is for you!
This tool queries the Centrify API for your tenant, pulling the most recent entries in the Event table (logins, application launches, configuration changes, etc.). Then, it structures the event data into a syntax that can be imported to Log Insight, keeping event time accuracy and offering a series of structured fields to Log Insight to enable easy creation of dashboards, analytics queries, and so on. All the good stuff that Log Insight offers.
I wrote this to be modular, and it should be relatively easy to adapt for other data sources and destinations. So even if you are using only one of these two solutions, but trying to solve a similar problem, my code might be a starting point for you too.
Install this as a cron job by scheduling run.sh at a 5-minute interval on a server. You place some configuration in a config.py file, and that’s it. Very simple.
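The transformation step described above, sketched as an added example (this is not the tool's own code): it turns event rows into the `events` / `text` / `timestamp` / `fields` JSON body that Log Insight's ingestion API accepts, keeps the original event time, and skips rows already sent so that overlapping 5-minute polls do not create duplicates. The row keys (`ID`, `WhenOccurred`, and so on), the `/Date(ms)/` timestamp form, the `centrify_` field prefix and all function names are assumptions, and the sample rows are constructed.

```python
import json
import re

# Constructed sample rows; the key names and the "/Date(ms)/" timestamp
# form are assumptions about what an Event table query returns.
SAMPLE_ROWS = [
    {"ID": "evt-001", "WhenOccurred": "/Date(1700000000123)/",
     "EventType": "Login", "NormalizedUser": "alice@example.com",
     "FromIPAddress": "198.51.100.7"},
    {"ID": "evt-002", "WhenOccurred": "/Date(1700000060456)/",
     "EventType": "AppLaunch", "NormalizedUser": "bob@example.com",
     "FromIPAddress": None},
]

_DATE_RE = re.compile(r"^/Date\((-?\d+)\)/$")

def to_epoch_ms(value):
    """Return epoch milliseconds from '/Date(ms)/' or a bare number, else None."""
    if isinstance(value, (int, float)):
        return int(value)
    m = _DATE_RE.match(str(value))
    return int(m.group(1)) if m else None

def field_name(key, prefix="centrify_"):
    """Lower-case the key and keep only [a-z0-9_] so it is a safe field name."""
    return prefix + re.sub(r"[^a-z0-9_]", "_", key.lower())

def build_payload(rows, seen_ids, time_key="WhenOccurred", id_key="ID"):
    """Convert rows into an ingestion body, skipping rows already sent."""
    events = []
    for row in rows:
        rid = row.get(id_key)
        if rid is not None and rid in seen_ids:
            continue  # overlapping poll windows return the same row twice
        fields = [{"name": field_name(k), "content": str(v)}
                  for k, v in sorted(row.items())
                  if k != time_key and v is not None]
        event = {"text": json.dumps(row, sort_keys=True), "fields": fields}
        ts = to_epoch_ms(row.get(time_key))
        if ts is not None:
            event["timestamp"] = ts  # preserve the original event time
        events.append(event)
        if rid is not None:
            seen_ids.add(rid)
    return {"events": events}
```

Persist `seen_ids` (or the last timestamp sent) between cron runs; an in-memory set only deduplicates within one process.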