
tollgate export

Exports audit logs in various formats for compliance reporting, SIEM integration, and analysis.

Usage

dotset tollgate export [options]

Options

| Option | Description | Default |
|---|---|---|
| -f, --format <format> | Export format: json, jsonl, csv, or cef | jsonl |
| -o, --output <path> | Output file path (omit for stdout) | stdout |
| --since <date> | Only include records since this date (ISO format) | - |
| --until <date> | Only include records until this date (ISO format) | - |
| -s, --server <name> | Filter by server name | - |
| -n, --limit <count> | Maximum number of records to export | - |
| --risk <level> | Filter by risk level | - |
| --no-redact | Include original (non-redacted) data | - |
| --audit-path <path> | Custom path for audit database | ~/.dotset/tollgate.db |

Formats

JSON

Complete JSON array of all records:
dotset tollgate export -f json -o audit.json

JSON Lines (Default)

One JSON object per line, ideal for streaming:
dotset tollgate export -f jsonl -o audit.jsonl

CSV

Comma-separated values for spreadsheet analysis:
dotset tollgate export -f csv -o audit.csv

CEF (Common Event Format)

For SIEM integration (Splunk, Datadog, etc.):
dotset tollgate export -f cef -o audit.cef

Examples

Basic Export

# Export all logs as JSONL to stdout
dotset tollgate export

# Export as JSON to file
dotset tollgate export -f json -o audit.json

Filtering

# Export logs from the last 24 hours (pass the timestamp 24 hours before now)
dotset tollgate export --since "2024-01-14T00:00:00Z"

# Export only postgres server logs
dotset tollgate export -s postgres

# Export only dangerous operations
dotset tollgate export --risk dangerous

# Combine filters
dotset tollgate export -s postgres --risk write --since "2024-01-01"

Compliance Reporting

# Weekly compliance report
dotset tollgate export \
  --since "2024-01-08T00:00:00Z" \
  --until "2024-01-15T00:00:00Z" \
  -f csv \
  -o weekly-report.csv

SIEM Integration

# Export to Splunk
dotset tollgate export -f cef | nc splunk-server 514

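# Continuous export for real-time monitoring
# date -v-1M is BSD/macOS syntax; with GNU date use: date -u -d '1 minute ago' +%Y-%m-%dT%H:%M:%SZ
# Each pass covers only the previous minute, and a pass takes longer than
# 60 seconds in total, so records written between windows can be missed.
while true; do
  dotset tollgate export -f cef --since "$(date -u -v-1M +%Y-%m-%dT%H:%M:%SZ)" | \
    nc siem-server 514
  sleep 60
done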
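
A variant of the continuous export loop above, added here as an example and not part of the tollgate documentation: it keeps a cursor file so consecutive windows share a boundary, and it advances the cursor only after the sink has accepted the data. The names forward_window and STATE_FILE and the cursor path are hypothetical; only export options listed on this page are used.

```shell
# Added example: incremental CEF forwarding with a persisted cursor.
# forward_window and STATE_FILE are hypothetical names, not part of tollgate.
STATE_FILE="${STATE_FILE:-$HOME/.dotset/siem-cursor}"   # assumed location

# forward_window SINK [ARGS...]
#   SINK reads CEF on stdin, e.g.: forward_window nc siem-server 514
# Exports the window from the saved cursor up to "now" and advances the cursor
# only after both the export and the sink succeed, so a failed delivery is
# retried on the next pass instead of being skipped.
# The page does not say whether --since/--until are inclusive, so a record
# stamped exactly on the boundary may be sent twice; deduplicate in the SIEM.
forward_window() {
  fw_upto="$(date -u +%Y-%m-%dT%H:%M:%SZ)"      # portable: no -v / -d needed
  fw_tmp="$(umask 077; mktemp)" || return 1     # spool file, owner-only

  if [ -s "$STATE_FILE" ]; then
    fw_since="$(cat "$STATE_FILE")"
    dotset tollgate export -f cef --since "$fw_since" --until "$fw_upto" > "$fw_tmp"
  else
    # First run: no cursor yet, export everything up to now.
    dotset tollgate export -f cef --until "$fw_upto" > "$fw_tmp"
  fi || { rm -f "$fw_tmp"; return 1; }

  # Deliver the spooled window; keep the old cursor if the sink fails.
  "$@" < "$fw_tmp" || { rm -f "$fw_tmp"; return 1; }
  rm -f "$fw_tmp"

  # Write the new cursor atomically so a crash cannot leave it truncated.
  mkdir -p "$(dirname "$STATE_FILE")" || return 1
  printf '%s\n' "$fw_upto" > "$STATE_FILE.tmp" && mv "$STATE_FILE.tmp" "$STATE_FILE"
}

# Usage (not executed here):
#   while true; do forward_window nc siem-server 514; sleep 60; done
```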

Risk Levels

| Level | Description |
|---|---|
| safe | No-op or informational |
| read | Read-only operations |
| write | Data modification |
| destructive | Potentially irreversible changes |
| dangerous | High-risk operations |

Privacy Considerations

By default, tool arguments are redacted in exports. Use --no-redact to include original data:
# Includes PII/sensitive data - use with caution
dotset tollgate export --no-redact -o full-audit.json
Caution: Using --no-redact may expose sensitive data. Ensure proper access controls on output files.