topic Re: sas 9.4 ebi user logon auditing question in Administration and Deployment

sas 9.4 ebi user logon auditing question

robm — Sat, 05 Dec 2015 19:40:48 GMT

I see in webAdmin I can see data like:

Unique users: 61
Successful logins: 1879
Failed logins: 2121
Logoffs: 674

Year to date information:
Unique users: 61
Successful logins: 1879
Failed logins: 2121
Logoffs: 674

where are those stats located Id like to break them down into monthly stat\s if I can

Re: sas 9.4 ebi user logon auditing question

jakarman — Sat, 05 Dec 2015 20:30:12 GMT

Read the environment and check the collection that is done wiht ARM-logging (audting) there is a postgres database set up by SAS.
As strange as it looks the architecture is that SAS is dictating what your auditing needs coud be. The nomal expectation would be the supplier is offfering the options to create audit files/logs and you can take tailor the reporting/analzing to your needs.

Re: sas 9.4 ebi user logon auditing question

merrittr — Sat, 05 Dec 2015 21:53:53 GMT

Yes the SASHOME\SASWebInfrastructurePlatform\9.4\Static\wars\sas.wip.services\WEB-INF\spring-config\aop-config.xml

has

<bean class="com.sas.svcs.authentication.impl.aop.FailedLogonAuditAdvice">
<property name="auditRecorder" ref="auditRecorder" />
</bean>
<bean class="com.sas.svcs.authentication.impl.aop.SuccessfulLogoffAuditAdvice">
<property name="auditRecorder" ref="auditRecorder" />
</bean>
<bean class="com.sas.svcs.authentication.impl.aop.SuccessfulLogonAuditAdvice">
<property name="auditRecorder" ref="auditRecorder" />
</bean>

so I am sure its being logged but i cannot see where

Re: sas 9.4 ebi user logon auditing question

jakarman — Sun, 06 Dec 2015 08:22:13 GMT

I don't know anything on your part of the installation and how it is implemented.

What you have found is a configuration file that is part of the java container midtier and when used should indicate logging is done. A lot of assumptions. But how the logging could work you can pull more now.

Another java logging is SAS-VA http://support.sas.com/resources/papers/proceedings14/SAS167-2014.pdf it gives more on the logging options approach although it is not your situation. As it is part of http://support.sas.com/rnd/emi/APM94/apm94.faq.html

The bimtag is having all needed information. (page 93 99) http://support.sas.com/documentation/cdl/en/bimtag/68217/PDF/default/bimtag.pdf

"Changing the Location of the Log Files
To modify the location of a log file, follow these steps:
1Change directory to SAS-configuration-directory\Lev1\Web\Common\LogConfig and edit the log4j file for the application to modify.
2Locate the file appender and modify the value of the file parameter:"

The problem is the log events are coded parts within the java applications using the log4j interface. As you have you own application it is doubtful those events are coded in your application.

The logging setup usage is a challenging part of SAS normally been avoided and not easily accessible by SAS docs https://support.sas.com/documentation/cdl/en/logug/67485/HTML/default/viewer.htm#titlepage.htm