29. History Report Tool
C:\Program Files (x86)\OVERLAPS\historyreport.exe
The History Report Tool can be used to export History Log data for auditing or reporting purposes.
The tool can export in three formats:
- CSV - For importing into spreadsheet software such as Microsoft Excel.
- PDF – Creates a report in the Adobe Portable Document Format (PDF).
- RTF – Generates a Rich Text Format document compatible with most word processors.
29.1 Command Line Arguments
29.1.1 Required Arguments
You must specify at least one of the arguments “/pdf”, “/rtf” or *“/csv” and follow it with a valid path and filename to save the requested report to.
To get help, you can instead pass the argument “/help” or “/?” to see more information.
29.1.2 Optional Arguments
| Argument | Description |
|---|---|
| /db |
If your database is in a non-standard location, or you want to access it from a network share, specify the path and filename of your database using this parameter. |
| /date <date> |
Give a valid date format (for example “DD/MM/YY” or “MM/DD/YY” depending on your system locale) to only export history logs from that date. An incorrectly formatted date will show an error, but continue to export all logs instead. Note: If using a date format with spaces (e.g. “31 Jan 2020”), always enclose the date in quotes. |
| /start <date> | As an alternative to specifying an exact date, you can instead use the /start and /end parameters to specify a date range. |
| /end <date> | As above. |
| /find <search term> | Search the logs for a specific username, computer name, etc. |
| /action <action> | Limit the results to a specific action. This argument can be added multiple times to specify multiple actions. For a full list of actions, run “historyreport.exe /actions” or see below. |
| /limit <number> | Only output up to this number of results. Defaults to 10000. |
| /fndate | Append the current date and time to the filename. |
| /format <paper size> |
(Only applies to PDF and RTF) Format the document paper size. Defaults to A4. Valid values are: A0 to A6, B5, Ledger, Legal or Letter. |
| /landscape | (Only applies to PDF and RTF) Orient the page in landscape layout. |
29.1.3 Actions for Filtering
| Action Keyword | Description |
|---|---|
| Read | A password was read. |
| Reset | A password was expired. |
| SelfServiceRead | A password was read via Self-Service. |
| Justification | A user logged their justification for viewing a password. |
| ReadRequest | A request to read a password was entered into the Authorisation Request system. |
| ResetRequest | A request to expire a password was passed to the Authorisation Request system. |
| AuthoriseRead | A request to read a password was authorised. |
| AuthoriseReset | A request to expire a password was authorised. |
| DenyRead | A request to read a password was denied. |
| DenyReset | A request to expire a password was denied. |
| ReadComputerInfo | Computer information was viewed. |
| SaveComputerInfo | Computer information was modified (description field). |
| ComputerManagement | A Computer Management Task was processed. |
| ReadBitlockerRecoveryKey | A Bitlocker Recovery Key was read. |
| AddUser | A user or group was added. |
| EditUser | A user was edited/modified. |
| RemoveUser | A user or group was removed. |
| ModifyConfig | Changes were made to the site settings. |
| Login | A user logged in. |
| Logout | A user logged out. |
| Information | General information log entry. |
| Security | A general security-related log entry. |
| Error | An error occurred. |
| SnapshotOperation | A snapshot was taken of the current per-OU user permissions. |
29.2 Examples
Below are some example command lines to use with the History Report Tool.
historyreport.exe /pdf C:\Reports\overlaps.pdf
Exports all history records to a PDF file in C:\Reports.
historyreport.exe /rtf C:\Reports\overlaps.rtf /date 31/12/19 /action Read /action ReadRequest
Generates an RTF document container all Read and Requests to Read a password for the 31st December 2019 (in a locale that uses the DD/MM/YY format for this example).
historyreport.exe /csv C:\Reports\overlaps.csv /date “19 May 2020” /fndate /find asmith
Create a CSV report for all history logs on the 19th May 2020, appending the current date to the filename (for example “overlaps-201231-073000.csv” for 31st December 2020 at 7:30 am), and only returning matches which contain the name “asmith”.