# Regularly Export Queries

**Scenario**: You want to export admin queries from your organization on a daily basis. This document explains how to do this by leveraging the `sdm audit` functionality to retrieve a list of queries and write them to a daily log file.

Writing your own daily log can be especially important if you intend to store logs long-term. If you store logs with StrongDM, they are retained for a period of 13 months. If you write to your own log files, you can store them indefinitely or according to your own policies. See our [retention policy](/admin/audit/logs.md#log-retention) for more information.

### Initial Setup

We recommend creating a new Linux system user with restricted permissions to run the daily audit. In this example, `sdm` is used.

Download and install the StrongDM client on [Linux](/users/client/linux.md).

{% hint style="info" %}
You do not need to log into the Client. The admin token will serve as authentication.
{% endhint %}

### Create an Admin Token

To create an admin token, sign into the StrongDM Admin UI and go to **Principals** > **Tokens**. From there, you can create an admin token with the specific rights you require. In this case, you only need the **Audit > Queries** permission.

After you click **Create**, a dialog displays with the admin token. Copy the token, and save it for later use in `/etc/sdm-admin.token` in the format `SDM_ADMIN_TOKEN=<YOUR_TOKEN>`.

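This file must be owned by the user that runs the audit (`sdm` in this example). Because the file holds a credential, restrict it so that only that user can read it.

```bash
sudo chown sdm:sdm /etc/sdm-admin.token
# The token grants access to audit data; keep it unreadable to other local users.
sudo chmod 600 /etc/sdm-admin.token
```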

### Example Log Archiver Script

Here is an example log archiver script that, in the next step, is set up to run nightly. In this example, we store this script in `/opt/strongdm/bin/`.

```bash
sudo mkdir -p /opt/strongdm/bin/
sudo mkdir -p /var/log/sdm/
sudo tee "/opt/strongdm/bin/log-archiver.sh" > /dev/null <<'EOT'
#!/bin/bash

START=$(date -d "yesterday 00:00" '+%Y-%m-%d 00:00:00')
FN=$(date -d "yesterday 00:00" '+%Y-%m-%d')
END=$(date -d "today 00:00" '+%Y-%m-%d 00:00:00')
TARGET=/var/log/sdm

/opt/strongdm/bin/sdm audit queries --from "$START" --to "$END" >> "$TARGET/queries.$FN"
EOT
sudo chown sdm:sdm /var/log/sdm /opt/strongdm/ /opt/strongdm/bin/ /opt/strongdm/bin/log-archiver.sh
sudo chmod +x /opt/strongdm/bin/log-archiver.sh
```

#### Set up a systemd service and timer

This `systemd` service and timer run the script once a day. `OnCalendar=daily` fires at 00:00, and `Persistent=true` catches up on a run that was missed while the system was off.

```bash
sudo tee "/etc/systemd/system/log-archiver.service" > /dev/null <<'EOT'
[Unit]
Description=SDM log archiver

[Service]
Type=oneshot
EnvironmentFile=/etc/sdm-admin.token
ExecStart=/opt/strongdm/bin/log-archiver.sh
User=sdm
EOT

sudo tee "/etc/systemd/system/log-archiver.timer" > /dev/null <<'EOT'
[Unit]
Description=Run log archiver daily
Requires=log-archiver.service

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
EOT
```

#### Activate the timer

Execute the following to activate the timer:

```bash
sudo systemctl daemon-reload
sudo systemctl enable log-archiver.timer
sudo systemctl start log-archiver.timer
```
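A hardened variant of the log archiver script above, as an added example that is not part of the StrongDM documentation. The page's script appends with `>>`, so a second run for the same day duplicates entries and a failed run can leave a partial file; this version writes to a temp file, publishes it with an atomic rename, and skips days that are already archived. The `archive_day` function, the `SDM_BIN` and `TARGET` overrides, and the `.sha256` digest file are assumptions of this example; only the `sdm audit queries --from ... --to ...` invocation comes from the page.

```bash
#!/bin/bash
# Added example, not StrongDM's script: atomic, idempotent variant of log-archiver.sh.
set -euo pipefail
umask 077    # exported logs are readable by the service user only

# Defaults match the page; both are overridable (an assumption, for testing).
SDM_BIN=${SDM_BIN:-/opt/strongdm/bin/sdm}
TARGET=${TARGET:-/var/log/sdm}

# archive_day DAY NEXT: export queries from DAY 00:00:00 up to NEXT 00:00:00
# into $TARGET/queries.DAY, plus a queries.DAY.sha256 digest file.
archive_day() {
    local day=$1 next=$2 out tmp
    out="$TARGET/queries.$day"

    # A published file is never touched again, so a second run for the same
    # day cannot append duplicate entries or overwrite the archived copy.
    if [ -e "$out" ]; then
        echo "skip: $out already exists" >&2
        return 0
    fi

    # Export into a hidden temp file; if sdm fails, discard the partial output.
    tmp=$(mktemp "$TARGET/.queries.$day.XXXXXX")
    if ! "$SDM_BIN" audit queries --from "$day 00:00:00" --to "$next 00:00:00" > "$tmp"; then
        rm -f "$tmp"
        echo "error: export for $day failed, nothing written" >&2
        return 1
    fi

    # Record a digest in sha256sum -c format, then publish with an atomic rename.
    printf '%s  %s\n' "$(sha256sum < "$tmp" | cut -d' ' -f1)" "queries.$day" > "$out.sha256"
    chmod 400 "$tmp"
    mv "$tmp" "$out"
}

# Run only when the systemd EnvironmentFile has supplied the admin token.
if [ -n "${SDM_ADMIN_TOKEN:-}" ]; then
    archive_day "$(date -d yesterday '+%Y-%m-%d')" "$(date -d today '+%Y-%m-%d')"
else
    echo "SDM_ADMIN_TOKEN is not set; no export attempted" >&2
fi
```

Running `sha256sum -c` on a digest file from inside the log directory confirms an archived day is unchanged. A digest stored beside the log only detects corruption, so copy the digests to a separate system if they should also serve as tamper evidence.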

