
Audit Messages for SAS Library Access 2017

The document discusses audit logging for SAS library access. It introduces three loggers that track actions on SAS data sets and libraries. The loggers record details like the action, status, libref, table name and more. Instructions are provided for configuring the loggers in logconfig.xml and parsing the log files in SAS.

Uploaded by

Edinson Fer
Audit Messages for SAS Library Access

Peter Hobart

Copyright © SAS Institute Inc. All rights reserved.


Auditing
Audit Messages for SAS Library Access
• Introduced in SAS 9.2 M3
• Track any contact with a table by interactive browsing or running code
• The logging facility provides three loggers to audit access to SAS libraries
• This includes database tables that have been assigned by a LIBNAME statement

Logger                      Action
Audit.Data.Dataset.Delete   writes a message to an audit log when a SAS data set is deleted
Audit.Data.Dataset.Open     writes a message to an audit log when a SAS data set is opened
Audit.Data.Dataset.Rename   writes a message to an audit log when a SAS data set is renamed


Auditing
information available from a SAS library
• Action taken on the SAS data set: OPEN, DELETE, or RENAME.
• Status of the action taken on the SAS data set: SUCCESS or FAILED.
• Return code from the action and the associated message (if any).
• Warning and note messages have a status of SUCCESS and negative return codes.
• Error messages have a status of FAILED and positive return codes.
• The libref.
• The engine associated with the library.
• The library member name (Table name).
• If a SAS data set was renamed, the new member name.
• The library member type, such as catalog or data set.
• The mode that the library was opened for: INPUT, OUTPUT, or UPDATE.
• The path to the library or to a database table.


Auditing
Notes
• Audit messages are not available for in-database tables, filerefs, or SAS
OLAP cubes.
• Based on the XML configuration files that SAS provides, auditing
messages appear when the logging threshold is TRACE


Auditing
Setup
• Edit the logconfig.xml file for the relevant server(s)
• Typically, workspace servers and stored process servers


Auditing
Sample Logger
<!-- Audit.Data.Dataset.Open logger definition -->
<logger name="Audit.Data.Dataset.Open" additivity="false">
   <appender-ref ref="AuditLibraryFile"/>
   <level value="Trace"/>
</logger>


Auditing
Sample Appender
<appender name="AuditLibraryFile" class="FileAppender">
   <param name="Append" value="true"/>
   <param name="ImmediateFlush" value="true"/>
   <param name="fileNamePattern"
          value="C:\SAS\Config\Lev1\SASApp\WorkspaceServer\Logs\Audit.Library_server_%d_%S{hostname}_%S{pid}.log"/>
   <layout>
      <param name="ConversionPattern"
             value="DateTime=%d Userid=%u Libref=%E{Audit.Dataset.Libref} Engine=%E{Audit.Dataset.Engine} Member=%E{Audit.Dataset.Member} MemberType=%E{Audit.Dataset.Memtype} OpenMode=%E{Audit.Dataset.Openmode} Path=%E{Audit.Dataset.Path}"/>
   </layout>
</appender>


Auditing
Conversion Patterns
• Conversion patterns on the "layout" tag of the appender provide the format for log messages.

Pattern   Information         Example values
%d        Event date & time   2016-09-09T14:40:28,788
%-5p      Logging level       TRACE
%t        Thread identifier   00034120
%u        User ID             sasdemo@SUKPJH
%c        Logger              Audit.Data.Dataset.Open
%m        Message             Libref=ORIONSRC Engine=BASE Member=PRODUCT_DIM MemberType=DATA OpenMode=INPUT Path=C:\OrionStar\Source
                              Engine=META Member=PRODUCT_DIM


Auditing
Example log
DateTime=2016-09-09T14:40:01,919 Userid=sasdemo@SUKPJH Libref=WORK Engine=V9 Member=_PRODSAVAIL MemberType=DATA OpenMode=OUTPUT Path=C:\Users\sasdemo\AppData\Local\Temp\SAS Temporary Files\_TD22320_SUKPJH_\Prc2
DateTime=2016-09-09T14:40:08,604 Userid=sasdemo@SUKPJH Libref=ORIONSRC Engine=BASE Member=CUSTOMER_DIM MemberType=DATA OpenMode=INPUT Path=C:\OrionStar\Source
DateTime=2016-09-09T14:40:08,604 Userid=sasdemo@SUKPJH Libref=ORIONSRC Engine=META Member=CUSTOMER_DIM MemberType=DATA OpenMode=INPUT Path=C:\OrionStar\Source


Auditing
Example code to parse an audit log

data auditlog;
   /* Wild cards can be used in the infile specification */
   infile "C:\SAS\Config\Lev1\SASApp\WorkspaceServer\Logs\Audit.Library_server*.log";
   length TimeStamp 8;
   /* SAS named input searches for name/value pairs on each line */
   input
      DateTime= : $100.
      Userid= : $50.
      Libref= : $8.
      Engine= : $20.
      Member= : $32.
      MemberType= : $8.
      OpenMode= : $8.
      Path= : $200.
   ;
   /* Convert the ISO 8601 text into a SAS datetime value */
   TimeStamp = input(DateTime, E8601DT19.6);
   format TimeStamp datetime21.;
   drop DateTime;
run;

proc print data=auditlog;
run;
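
As an added example (not part of the original slides), the same log format can be parsed outside SAS in Python. It uses the field names from the ConversionPattern above, keeps spaces inside Path values, and lists OUTPUT/UPDATE opens outside WORK. The fourth sample record, the function names, and treating WORK as the only scratch library are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Field names from the ConversionPattern in the sample appender above.
KEYS = ("DateTime", "Userid", "Libref", "Engine", "Member",
        "MemberType", "OpenMode", "Path")
KEY_RE = re.compile(r"(?:^|\s)(" + "|".join(KEYS) + r")=")

# First three records are the page's example log; the last one is constructed.
SAMPLE_LOG = r"""
DateTime=2016-09-09T14:40:01,919 Userid=sasdemo@SUKPJH Libref=WORK Engine=V9 Member=_PRODSAVAIL MemberType=DATA OpenMode=OUTPUT Path=C:\Users\sasdemo\AppData\Local\Temp\SAS Temporary Files\_TD22320_SUKPJH_\Prc2
DateTime=2016-09-09T14:40:08,604 Userid=sasdemo@SUKPJH Libref=ORIONSRC Engine=BASE Member=CUSTOMER_DIM MemberType=DATA OpenMode=INPUT Path=C:\OrionStar\Source
DateTime=2016-09-09T14:40:08,604 Userid=sasdemo@SUKPJH Libref=ORIONSRC Engine=META Member=CUSTOMER_DIM MemberType=DATA OpenMode=INPUT Path=C:\OrionStar\Source
DateTime=2016-09-09T14:41:15,002 Userid=sasdemo@SUKPJH Libref=ORIONSRC Engine=BASE Member=CUSTOMER_DIM MemberType=DATA OpenMode=UPDATE Path=C:\OrionStar\Source
"""

def parse_record(line):
    """Split one audit line into a dict. A value runs up to the next known
    key, so a Path containing spaces is kept whole."""
    parts = KEY_RE.split(line.strip())  # [prefix, key1, val1, key2, val2, ...]
    rec = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    missing = [k for k in KEYS if k not in rec]
    if missing:
        raise ValueError(f"missing fields {missing} in: {line!r}")
    rec["TimeStamp"] = datetime.strptime(rec.pop("DateTime"),
                                         "%Y-%m-%dT%H:%M:%S,%f")
    return rec

def parse_log(text):
    return [parse_record(l) for l in text.splitlines() if l.strip()]

def summarize(records):
    """Count distinct opens per (user, table, mode). Records that differ only
    in Engine (the BASE/META pair in the sample log) count once."""
    seen = {(r["TimeStamp"], r["Userid"], r["Libref"], r["Member"],
             r["OpenMode"]) for r in records}
    return Counter((u, f"{lib}.{mem}", mode) for _, u, lib, mem, mode in seen)

def write_opens(records, scratch=("WORK",)):
    """Opens that can modify data (OUTPUT/UPDATE) outside scratch librefs."""
    return [(r["Userid"], f'{r["Libref"]}.{r["Member"]}', r["OpenMode"])
            for r in records
            if r["OpenMode"] in ("OUTPUT", "UPDATE")
            and r["Libref"].upper() not in scratch]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in sorted(summarize(recs).items()):
        print(n, *key)
    print("write opens outside WORK:", write_opens(recs))
```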


Auditing
Resulting SAS data set


Auditing
References

• SAS(R) 9.4 Logging: Configuration and Programming Reference, Second Edition
• "Audit Messages for SAS Library Access"
• http://blogs.sas.com/content/sgf/2015/09/30/part-1-auditing-data-access-who-did-what-and-when/


Appendix:
Complete logconfig.xml
• There is a complete working logconfig.xml in the notes for this page,
taken from my local Windows install of SAS 9.4M3
