# Regularly Export Queries **Scenario**: You want to export admin queries from your organization on a daily basis. This document explains how to do this by leveraging the `sdm audit` functionality to retrieve a list of queries and write them to a daily log file. Writing your own daily log can be especially important if you intend to store logs long-term. If you store logs with StrongDM, they are retained for a period of 13 months. If you write to your own log files, you can store them indefinitely or according to your own policies. See our [retention policy](https://docs.strongdm.com/admin/audit/logs/..#log-retention) for more information. ### Initial Setup We recommend creating a new Linux system user with restricted permissions to run the daily audit. In this example, `sdm` is used. Download and install the StrongDM client on [Linux](https://app.gitbook.com/s/HaY8OFbXUreWEF61MhKm/client/linux). {% hint style="info" %} You do not need to log into the Client. The admin token will serve as authentication. {% endhint %} ### Create an Admin Token To create an admin token, sign into the StrongDM Admin UI and go to **Principals** > **Tokens**. From there, you can create an admin token with the specific rights you require. In this case, you only need the **Audit > Queries** permission. After you click **Create**, a dialog displays with the admin token. Copy the token, and save it for later use in `/etc/sdm-admin.token` in the format `SDM_ADMIN_TOKEN=`. This file must be owned by your user. ```bash chown sdm:sdm /etc/sdm-admin.token ``` ### Example Log Archiver Script Here is an example log archiver script that, in the next step, is set up to run nightly. In this example, we store this script in `/opt/strongdm/bin/`. ```bash sudo mkdir -p /opt/strongdm/bin/ sudo mkdir -p /var/log/sdm/ sudo tee "/opt/strongdm/bin/log-archiver.sh" > /dev/null <<'EOT' #!/bin/bash START=$(date -d "yesterday 00:00" '+%Y-%m-%d 00:00:00') FN=$(date -d "yesterday 00:00" '+%Y-%m-%d') END=$(date -d "today 00:00" '+%Y-%m-%d 00:00:00') TARGET=/var/log/sdm /opt/strongdm/bin/sdm audit queries --from "$START" --to "$END" >> "$TARGET/queries.$FN" EOT sudo chown sdm:sdm /var/log/sdm /opt/strongdm/ /opt/strongdm/bin/ /opt/strongdm/bin/log-archiver.sh sudo chmod +x /opt/strongdm/bin/log-archiver.sh ``` #### Set up a systemd service and timer This `systemd` service definition runs the script daily at the time that `systemctl` is configured to run daily services. ```bash sudo tee "/etc/systemd/system/log-archiver.service" > /dev/null <<'EOT' [Unit] Description=SDM log archiver [Service] Type=oneshot EnvironmentFile=/etc/sdm-admin.token ExecStart=/opt/strongdm/bin/log-archiver.sh User=sdm EOT sudo tee "/etc/systemd/system/log-archiver.timer" > /dev/null <<'EOT' [Unit] Description=Run log archiver daily Requires=log-archiver.service [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target EOT ``` #### Activate the timer Execute the following to activate the timer: ```bash sudo systemctl daemon-reload sudo systemctl enable log-archiver.timer sudo systemctl start log-archiver.timer ```