cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
sathya66
Barite | Level 11 sathya66
Barite | Level 11

Audit.log in linux capturing SAS audit

Posted 11-06-2020 04:31 AM (483 views)

All,

Audit.log in Linux is capturing the SAS details. is it by default or do we need to configure it somewhere?

Audit log is filling up very fast after patching that is causing server crash.Log rotation in place but not working after patching.

 

 

type=PROCTITLE msg=audit(1604652864.918:12790651): proctitle=706F7374677265733A20737461747320636F6C6C6563746F722070726F63657373202020
type=SYSCALL msg=audit(1604652864.918:12790652): arch=c000003e syscall=82 success=yes exit=0 a0=7ffd250bd920 a1=7ffd250bd520 a2=1a7a720 a3=1 items=5 ppid=26975 pid=26982 auid=1334035802 uid=103 gid=101 euid=103 suid=103 fsuid=103 egid=101 sgid=101 fsgid=101 tty=(none) ses=8 comm="postgres" exe="/sas/home/SASWebInfrastructurePlatformDataServer/9.4/bin/postgres" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
type=CWD msg=audit(1604652864.918:12790652): cwd="/SAS/config/Lev2/WebInfrastructurePlatformDataServer/data"
type=PATH msg=audit(1604652864.918:12790652): item=0 name="pg_stat_tmp/" inode=1575695 dev=ca:a0 mode=040700 ouid=103 ogid=101 rdev=00:00 obj=unconfined_u:object_r:unlabeled_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

0 Likes
Reply
1 REPLY 1
AnandVyas
Ammonite | Level 13 AnandVyas
Ammonite | Level 13

Re: Audit.log in linux capturing SAS audit

Posted 11-06-2020 04:37 AM (478 views)  |   In reply to sathya66

Hi @sathya66 

 

I don't think its enabled by default. You can check the audit rules under /etc/audit/audit.rules or /etc/audit/rules.d/audit.rules file.

0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎11-06-2020 04:31 AM
  • 484 views
  • 0 likes
  • 2 in conversation